计算机工程与应用 ›› 2023, Vol. 59 ›› Issue (14): 242-250.DOI: 10.3778/j.issn.1002-8331.2209-0405

• 网络、通信与安全 • 上一篇    下一篇

面向CNN和RNN改进的物联网入侵检测模型

李晓佳,赵国生,汪洋,宁可   

  1. 哈尔滨师范大学 计算机科学与信息工程学院,哈尔滨 150025
  • 出版日期:2023-07-15 发布日期:2023-07-15

Improved Internet of Things Intrusion Detection Model for CNN and RNN

LI Xiaojia, ZHAO Guosheng, WANG Yang, NING Ke   

  1. School of Computer Science and Information Engineering, Harbin Normal University, Harbin 150025, China
  • Online:2023-07-15 Published:2023-07-15

摘要: 针对卷积神经网络的原始池化层存在信息丢失的问题和循环神经网络在处理长序列数据时存在梯度消失的问题,提出了基于卷积和循环神经网络改进的物联网入侵检测模型。通过格拉姆角场图像化方式对时间序列数据图像化,为数据作为入侵检测模型的输入做好准备,由SoftPool池化层代替原始的池化层;将多头自注意力机制中的多头结构应用于循环神经网络中,循环神经网络选择参数较少的双向门控循环单元。以TON-IoT物联网数据集作为基准数据集进行试验,试验部分主要包括图像化方式的选择、池化层组合的选择和多头双向门控循环单元层头数的选择,仿真试验结果显示选择格拉姆角和场、SoftPool+SoftPool的池化层组合和三头结构的模型在多分类上在准确率、精确率、检测率、F1得分和假阳性率上的性能最优,并且精确率、检测率、F1得分和假阳性率优于现有模型至少0.14、0.09、0.13和0.08。

关键词: 物联网, 入侵检测, 格拉姆角场, 多头结构, SoftPool池化层

Abstract: For the following problems:information loss in the original pool layer of CNN and the gradient disappearance in the processing of long sequence data by RNN, an intrusion detection system for the Internet of things based on improved CNN and RNN is proposed. Firstly, the time series is imaged by Gram angle field imaging method as the input of the intrusion detection model, and then SoftPool layer replaces the original pooling layer. Finally, the multi-head structure from multi-head self-attention mechanism is applied to RNN, and Bi-GRU which is one kind of RNN is chosen because of its fewer parameters. The TON-IoT data set from the Internet of things is used as the benchmark data set for the simulation. The simulation part includes the selection of imaging modes, the pooling layer combinations and the number of heads of multi-head Bi-GRU. The results show the model with Gram angle summation field, the pooling layer combination of SoftPool+SoftPool and the three-head structure has finer accuracy, precision, F1-score and false-positive rate, and precision, detection rate, F1-score and false-positive rate are at least 0.14、0.09、0.13 and 0.08 better than the existing models.

Key words: Internet of things, intrusion detection, Gram angle field, multi-head structure, SoftPool layer