Computer Science ›› 2023, Vol. 50 ›› Issue (11A): 230300142-8. doi: 10.11896/jsjkx.230300142

• Information Security •

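Study on Intrusion Detection Algorithm Based on TCN-BiLSTM

BAI Wanrong1, WEI Feng1, ZHENG Guangyuan2, WANG Baohui2

  1 State Grid Gansu Electric Power Research Institute, Lanzhou 730070
  2 School of Software, Beihang University, Beijing 100191
  • Published: 2023-11-09
  • Corresponding author: ZHENG Guangyuan (zhengguangyuan@buaa.edu.cn)
  • About the author: (baiwanrong@yeah.net)
  • Funding:
    Research Project of Multi-source Network Threat Tracing Technology Based on Post-protection (52272222001B)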

Study on Intrusion Detection Algorithm Based on TCN-BiLSTM

BAI Wanrong1, WEI Feng1, ZHENG Guangyuan2, WANG Baohui2   

  1 State Grid Gansu Electric Power Research Institute, Lanzhou 730070, China
  2 School of Software, Beihang University, Beijing 100191, China
  • Published: 2023-11-09
  • About author: BAI Wanrong, born in 1985, postgraduate, senior engineer, is a member of China Computer Federation. His main research interests include network security and machine learning.
    ZHENG Guangyuan, born in 1996, M.S. His main research interests include artificial intelligence and network security.
  • Supported by:
    Research Project of Multi-source Network Threat Tracing Technology Based on Post-protection (52272222001B).

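Abstract: Network security bears directly on national security, and accurately and efficiently detecting network threats in the power grid is critical. To address the small receptive field of traditional CNNs and their failure to consider the temporal characteristics of data, an attention-based intrusion detection algorithm built on a temporal convolutional network (TCN) and a bidirectional long short-term memory network (BiLSTM) is proposed, combining the spatial and temporal features of network traffic data. First, the network traffic features are encoded, and a forest optimization feature selection algorithm is used to reduce data redundancy; resampling is then applied to address data imbalance; finally, the data is fed into a deep neural network, where the processed data passes through the TCN and BiLSTM networks for feature learning, weights are assigned by a self-attention mechanism, and classification is performed to achieve intrusion detection. In comparative experiments on the NSL-KDD dataset, the proposed method improves accuracy by 4.3% and F1 score by 1.8% over the CNN-BiLSTM attention model. The experimental results show that the algorithm can effectively identify network intrusions.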

Keywords: Intrusion detection, Temporal convolutional network, Bidirectional long short-term memory network

Abstract: Network security is directly related to national security. Accurately and efficiently detecting network threats in the power grid is very important. To address the small receptive field of traditional CNNs and their failure to consider the temporal characteristics of data, an attention-based intrusion detection algorithm built on a temporal convolutional network (TCN) and BiLSTM is proposed, combining the spatial and temporal characteristics of network traffic data. First, the network traffic features are encoded. Then a forest optimization feature selection algorithm is used to reduce data redundancy, and resampling is carried out to address data imbalance. Finally, the data is input into a deep neural network, where the processed data passes through the TCN and BiLSTM networks for feature learning. A self-attention mechanism is used for weight allocation, and classification is then performed to achieve intrusion detection. The NSL-KDD data set is used, and the experimental results show that the algorithm can effectively identify network intrusions.

Key words: Intrusion detection, Temporal convolutional network, Bi-directional long short-term memory

CLC Number:

  • TN915.08