基于深度学习的入侵检测模型综述

doi:10.3778/j.issn.1002-8331.2107-0084

摘要/Abstract

摘要： 随着深度学习技术的不断深入发展，基于深度学习的入侵检测模型已成为网络安全领域的研究热点。对网络入侵检测中常用的数据预处理操作进行了总结；重点对卷积神经网络、长短期记忆网络、自编码器和生成式对抗网络等当前流行的基于深度学习的入侵检测模型进行了分析和比较；并简单说明了基于深度学习的入侵检测模型研究中常用的数据集；指出了现有基于深度学习的入侵检测模型在数据集时效、实时性、普适性、模型训练时间等方面存在的问题和今后可能的研究重点。

关键词: 深度学习, 网络安全, 入侵检测模型

Abstract: With the continuous in-depth development of deep learning technology, intrusion detection model based on deep learning has become a research hotspot in the field of network security. This paper summarizes the commonly used data preprocessing operations in network intrusion detection. The popular intrusion detection models based on deep learning, such as convolutional neural network, long short-term memory network, auto-encode and generative adversarial networks, are analyzed and compared. The data sets commonly used in the research of intrusion detection model based on deep learning are introduced. It points out the problems of the existing intrusion detection models based on deep learning in data set timeliness, real-time, universality, model training time and other aspects, and the possible research focus in the future.

Key words: deep learning, network security, intrusion detection model

张昊, 张小雨, 张振友, 李伟. 基于深度学习的入侵检测模型综述[J]. 计算机工程与应用, 2022, 58(6): 17-28.

ZHANG Hao, ZHANG Xiaoyu, ZHANG Zhenyou, LI Wei. Summary of Intrusion Detection Models Based on Deep Learning[J]. Computer Engineering and Applications, 2022, 58(6): 17-28.

参考文献

[1] SERINELLI B M，COLLEN A，NIJDAM N A.Training guidance with KDD cup 1999 and NSL-KDD data sets of ANIDINR：anomaly-based network intrusion detection system[J].Procedia Computer Science，2020，175：560-565.
[2] HINDY H，ATKINSON R，TACHTATZIS C，et al.Utilising deep learning techniques for effective zero-day attack detection[J].Electronics，2020，9（10）：1684.
[3] 狄冲，李桐.网络未知攻击检测的深度学习方法[J].计算机工程与应用，2020，56（22）：109-116.
DI C，LI T.Network unknown attack detection with deep learning[J].Computer Engineering and Applications，2020，56（22）：109-116.
[4] FU J，XU M，HUANG Y，et al.A new network intrusion detection system based on block-chain[J].International Journal of Perform-Ability Engineering，2019，15（12）：3187-3195.
[5] 刘新倩，单纯，任家东，等.基于流量异常分析多维优化的入侵检测方法[J].信息安全学报，2019，4（1）：14-26.
LIU X Q，SHAN C，REN J D，et al.An intrusion detection method based on multi-dimensional optimization of traffic anomaly analysis[J].Journal of Cyber Security，2019，4（1）：14-26.
[6] CHAMOU D，TOUPAS P，KETZAKI E，et al.Intrusion detection system based on network traffic using deep neural networks[C]//2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks（CAMAD），2019：1-6.
[7] YAN Y，QI L，WANG J，et al.A network intrusion detection method based on stacked auto-encoder and LSTM[C]//2020 IEEE International Conference on Communications（ICC），2020：1-6.
[8] SHAHRIAR M H，HAQUE N I，RAHMAN M A，et al.G-ids：generative adversarial networks assisted intrusion detection system[C]//2020 IEEE 44th Annual Computers，Software，and Applications Conference（COMPSAC），2020：376-385.
[9] LIU C，LIU Y，YAN Y，et al.An intrusion detection model with hierarchical attention mechanism[J].IEEE Access，2020，8：67542-67554.
[10] HU Z，WANG L，QI L，et al.A novel wireless network intrusion detection method based on adaptive synthetic sampling and an improved convolutional neural network[J].IEEE Access，2020，8：195741-195751.
[11] XIAO Y，XING C，ZHANG T，et al.An intrusion detection model based on feature reduction and convolutional neural networks[J].IEEE Access，2019，7：42210-42219.
[12] MEBAWONDU J O，ALOWOLODU O D，MEBAWONDU J O，et al.Network intrusion detection system using supervised learning paradigm[J].Scientific African，2020，9：e00497.
[13] MOHAMMADI S，MIRVAZIRI H，GHAZIZADEH-AHSAEE M，et al.Cyber intrusion detection by combined feature selection algorithm[J].Journal of Information Security and Applications，2019，44：80-88.
[14] AHMAD T，AZIZ M N.Data preprocessing and feature selection for machine learning intrusion detection systems[J].ICIC Express Letter，2019，13（2）：93-101.
[15] AYO F E，FOLORUNSO S O，ABAYOMI-ALLI A A，et al.Network intrusion detection based on deep learning model optimized with rule-based hybrid feature selection[J].Information Security Journal：A Global Perspective，2020，29（6）：267-283.
[16] YANG L，LI J，YIN L，et al.Real-time intrusion detection in wireless network：a deep learning-based intelligent mechanism[J].IEEE Access，2020，8：170128-170139.
[17] SUN L，ZHOU Y，WANG Y，et al.The effective methods for intrusion detection with limited network attack data：multi-task learning and oversampling[J].IEEE Access，2020，8：185384-185398.
[18] 张勇东，陈思洋，彭雨荷，等.基于深度学习的网络入侵检测研究综述[J].广州大学学报（自然科学版），2019，18（3）：17-26.
ZHANG Y D，CHEN S Y，PENG Y H，et al.A survey of deep learning based network intrusion detection[J].Journal of Guangzhou University（Natural Science Edition），2019，18（3）：17-26.
[19] 张阳玉，吕光宏，李鹏飞.SDN网络入侵检测系统的深度学习方法综述[J].计算机应用，2019，39（S2）：147-151.
ZHANG Y Y，LU G H，LI P F.Survey on SDN based network intrusion detection system using deep learning approaches[J].Journal of Computer Applications，2019，39（S2）：147-151.
[20] 王振东，张林，李大海.基于机器学习的物联网入侵检测系统综述[J].计算机工程与应用，2021，57（4）：18-27.
WANG Z D，ZHANG L，LI D H.Survey of intrusion detection systems for internet of things based on machine learning[J].Computer Engineering and applications，2021，57（4）：18-27.
[21] KALIMUTHAN C，RENJIT J A.Review on intrusion detection using feature selection with machine learning techniques[J].Materials Today：Proceedings，2020，33：3794-3802.
[22] GAMAGE S，SAMARABANDU J.Deep learning methods in network intrusion detection：a survey and an objective comparison[J].Journal of Network and Computer Applications，2020，169：102767.
[23] 蹇诗婕，卢志刚，杜丹，等.网络入侵检测技术综述[J].信息安全学报，2020，5（4）：96-122.
JIAN S J，LU Z G，DU D，et al.Overview of network intrusion detection technology[J].Journal of Cyber Security，2020，5（4）：96-122.
[24] LIU P.An intrusion detection system based on convolutional neural network[C]//Proceedings of the 2019 11th International Conference on Computer and Automation Engineering，2019：62-67.
[25] 黎佳玥，赵波，李想，等.基于深度学习的网络流量异常预测方法[J].计算机工程与应用，2020，56（6）：39-50.
LI J Y，ZHAO B，LI X，et al.Network traffic anomaly prediction method based on deep learning[J].Computer Engineering and Applications，2020，56（6）：39-50.
[26] DUAN T，TIAN Y，ZHANG H，et al.Intelligent processing of intrusion detection data[J].IEEE Access，2020，8：78330-78342.
[27] KHAN R U，ZHANG X，ALAZAB M，et al.An improved convolutional neural network model for intrusion detection in networks[C]//2019 Cyber-Security and Cyber-Forensics Conference（CCC），2019：74-77.
[28] WU K，CHEN Z，LI W.A novel intrusion detection model for a massive network using convolutional neural networks[J].IEEE Access，2018，6：50850-50859.
[29] HO S，AL JUFOUT S，DAJANI K，et al.A novel intrusion detection model for detecting known and innovative cyber-attacks using convolutional neural network[J].IEEE Open Journal of the Computer Society，2021，2：14-25.
[30] ANDRESINI G，APPICE A，MALERBA D.Nearest cluster-based intrusion detection through convolutional neural networks[J].Knowledge-Based Systems，2021，216：106798.
[31] ANDRESINI G，APPICE A，DE ROSE L，et al.GAN augmentation to deal with imbalance in imaging-based intrusion detection[J].Future Generation Computer Systems，2021，123：108-127.
[32] HOCHREITER S，SCHMIDHUBER J.Long short-term memory[J].Neural Computation，1997，9（8）：1735-1780.
[33] LE T T H，KIM Y，KIM H.Network intrusion detection based on novel feature selection model and various recurrent neural networks[J].Applied Sciences，2019，9（7）：1392.
[34] ALMIANI M，ABUGHAZLEH A，AL-RAHAYFEH A，et al.Deep recurrent neural network for IoT intrusion detection system[J].Simulation Modelling Practice and Theory，2020，101：102031.
[35] GLOROT X，BENGIO Y.Understanding the difficulty of training deep feed-forward neural networks[C]//Proceedings of the Thirteenth International Conference on Artificial Intelligence and Statistics，JMLR Workshop and Conference Proceedings，2010：249-256.
[36] LI X，WU X.Constructing long short-term memory based deep recurrent neural networks for large vocabulary speech recognition[C]//2015 IEEE International Conference on Acoustics，Speech and Signal Processing（ICASSP），2015：4520-4524.
[37] ALTHUBITI S A，JONES E M，ROY K.LSTM for anomaly-based network intrusion detection[C]//2018 28th International Telecommunication Networks and Applications Conference（ITNAC），2018：1-3.
[38] HASSAN M M，GUMAEI A，ALSANAD A，et al.A hybrid deep learning model for efficient intrusion detection in big data environment[J].Information Sciences，2020，513：386-396.
[39] YANG S，TAN M，XIA S，et al.A method of intrusion detection based on attention-LSTM neural network[C]//Proceedings of the 2020 5th International Conference on Machine Learning Technologies，2020：46-50.
[40] KIM J，KIM H.An effective intrusion detection classifier using long short-term memory with gradient descent optimization[C]//2017 International Conference on Platform Technology and Service（PlatCon），2017：1-6.
[41] JIANG K，WANG W，WANG A，et al.Network intrusion detection combined hybrid sampling with deep hierarchical network[J].IEEE Access，2020，8：32464-32476.
[42] IMRANA Y，XIANG Y，ALI L，et al.A bidirectional LSTM deep learning approach for intrusion detection[J].Expert Systems with Applications，2021：115524.
[43] KANNA P R，SANTHI P.Unified deep learning approach for efficient intrusion detection system using integrated spatial-temporal features[J].Knowledge-Based Systems，2021，226：107132.
[44] BALDI P.Autoencoders，unsupervised learning，and deep architectures[C]//Proceedings of ICML Workshop on Unsupervised and Transfer Learning，JMLR Workshop and Conference Proceedings，2012：37-49.
[45] 高妮，高岭，贺毅岳，等.基于自编码网络特征降维的轻量级入侵检测模型[J].电子学报，2017，45（3）：730-739.
GAO N，GAO L，HE Y Y，et al.A lightweight intrusion detection model based on audoencoder network with feature reduction[J].Acta Electronica Sinica，2017，45（3）：730-739.
[46] GURUNG S，GHOSE M K，SUBEDI A.Deep learning approach on network intrusion detection system using NSL-KDD dataset[J].International Journal of Computer Network and Information Security，2019，11（3）：8-14.
[47] FARAHNAKIAN F，HEIKKONEN J.A deep auto-encoder based approach for intrusion detection system[C]//2018 20th International Conference on Advanced Communication Technology（ICACT），2018：178-183.
[48] SHONE N，NGOC T N，PHAI V D，et al.A deep learning approach to network intrusion detection[J].IEEE Transactions on Emerging Topics in Computational Intelligence，2018，2（1）：41-50.
[49] ZAVRAK S，?SKEFIYELI M.Anomaly-based intrusion detection from network flow features using variational auto-encoder[J].IEEE Access，2020，8：108346-108358.
[50] WANG Z，LIU Y，HE D，et al.Intrusion detection methods based on integrated deep learning model[J].Computers & Security，2021，103：102177.
[51] KHAN M A，KIM Y.Deep learning-based hybrid intelligent intrusion detection system[J].Computers Materials & Continua，2021，68（1）：671-687.
[52] VAIYAPURI T，BINBUSAYYIS A.Enhanced deep autoencoder based feature representation learning for intelligent intrusion detection system[J].Computers Materials & Continua，2021，68（3）：3271-3288.
[53] LEE J H，PARK K H.GAN-based imbalanced data intrusion detection system[J].Personal and Ubiquitous Computing，2021，25（1）：121-128.
[54] FERDOWSI A，SAAD W.Generative adversarial networks for distributed intrusion detection in the internet of things[C]//2019 IEEE Global Communications Conference（GLOBECOM），2019：1-6.
[55] GOODFELLOW I，POUGET-ABADIE J，MIRZA M，et al.Generative adversarial nets[C]//Advances in Neural Information Processing Systems，2014：2672-2680.
[56] LIAO D，HUANG S，TAN Y，et al.Network intrusion detection method based on GAN model[C]//2020 International Conference on Computer Communication and Network Security（CCNS），2020：153-156.
[57] SINGLA A，BERTINO E，VERMA D.Preparing network intrusion detection deep learning models with minimal data using adversarial domain adaptation[C]//Proceedings of the 15th ACM Asia Conference on Computer and Communications Security，2020：127-140.
[58] LI D，KOTANI D，OKABE Y.Improving attack detection performance in NIDS using GAN[C]//2020 IEEE 44th Annual Computers，Software，and Applications Conference（COMPSAC），2020：817-825.
[59] LIU X，LI T，ZHANG R，et al.A GAN and feature selection-based oversampling technique for intrusion detection[J].Security and Communication Networks，2021（1）：1-15.
[60] WU P，GUO H.LUNET：a deep neural network for network intrusion detection[C]//2019 IEEE Symposium Series on Computational Intelligence（SSCI），2019：617-624.
[61] NGUYEN M T，KIM K.Genetic convolutional neural network for intrusion detection systems[J].Future Generation Computer Systems，2020，113：418-427.
[62] ZHANG Y，ZHANG Y，ZHANG N，et al.A network intrusion detection method based on deep learning with higher accuracy[J].Procedia Computer Science，2020，174：50-54.
[63] KHAN F A，GUMAEI A，DERHAB A，et al.A novel two-stage deep learning model for efficient network intrusion detection[J].IEEE Access，2019，7：30373-30385.
[64] JIA H，LIU J，ZHANG M，et al.Network intrusion detection based on IE-DBN model[J].Computer Communications，2021，178：131-140.
[65] YANG J，SHENG Y，WANG J.A GBDT-paralleled quadratic ensemble learning for intrusion detection system[J].IEEE Access，2020，8：175467-175482.
[66] SINGH N B，SINGH M M，SARKAR A，et al.A novel wide & deep transfer learning stacked GRU framework for network intrusion detection[J].Journal of Information Security and Applications，2021，61：102899.
[67] ZHANG L，YAN H，ZHU Q.An improved LSTM network intrusion detection method[C]//2020 IEEE 6th International Conference on Computer and Communications（ICCC），2020：1765-1769.
[68] HOU H，XU Y，CHEN M，et al.Hierarchical long short-term memory network for cyber-attack detection[J].IEEE Access，2020，8：90907-90913.
[69] ZHONG W，YU N，AI C.Applying big data based deep learning system to intrusion detection[J].Big Data Mining and Analytics，2020，3（3）：181-195.
[70] RING M，WUNDERLICH S，SCHEURING D，et al.A survey of network-based intrusion detection data sets[J].Computers & Security，2019，86：147-167.
[71] SABHNANI M，SERPEN G.Why machine learning algorithms fail in misuse detection on KDD intrusion detection data set[J].Intelligent Data Analysis，2004，8（4）：403-415.