面向CNN和RNN改进的物联网入侵检测模型

doi:10.3778/j.issn.1002-8331.2209-0405

摘要/Abstract

摘要： 针对卷积神经网络的原始池化层存在信息丢失的问题和循环神经网络在处理长序列数据时存在梯度消失的问题，提出了基于卷积和循环神经网络改进的物联网入侵检测模型。通过格拉姆角场图像化方式对时间序列数据图像化，为数据作为入侵检测模型的输入做好准备，由SoftPool池化层代替原始的池化层；将多头自注意力机制中的多头结构应用于循环神经网络中，循环神经网络选择参数较少的双向门控循环单元。以TON-IoT物联网数据集作为基准数据集进行试验，试验部分主要包括图像化方式的选择、池化层组合的选择和多头双向门控循环单元层头数的选择，仿真试验结果显示选择格拉姆角和场、SoftPool+SoftPool的池化层组合和三头结构的模型在多分类上在准确率、精确率、检测率、F1得分和假阳性率上的性能最优，并且精确率、检测率、F1得分和假阳性率优于现有模型至少0.14、0.09、0.13和0.08。

关键词: 物联网, 入侵检测, 格拉姆角场, 多头结构, SoftPool池化层

Abstract: For the following problems：information loss in the original pool layer of CNN and the gradient disappearance in the processing of long sequence data by RNN, an intrusion detection system for the Internet of things based on improved CNN and RNN is proposed. Firstly, the time series is imaged by Gram angle field imaging method as the input of the intrusion detection model, and then SoftPool layer replaces the original pooling layer. Finally, the multi-head structure from multi-head self-attention mechanism is applied to RNN, and Bi-GRU which is one kind of RNN is chosen because of its fewer parameters. The TON-IoT data set from the Internet of things is used as the benchmark data set for the simulation. The simulation part includes the selection of imaging modes, the pooling layer combinations and the number of heads of multi-head Bi-GRU. The results show the model with Gram angle summation field, the pooling layer combination of SoftPool+SoftPool and the three-head structure has finer accuracy, precision, F1-score and false-positive rate, and precision, detection rate, F1-score and false-positive rate are at least 0.14、0.09、0.13 and 0.08 better than the existing models.

Key words: Internet of things, intrusion detection, Gram angle field, multi-head structure, SoftPool layer

李晓佳, 赵国生, 汪洋, 宁可. 面向CNN和RNN改进的物联网入侵检测模型[J]. 计算机工程与应用, 2023, 59(14): 242-250.

LI Xiaojia, ZHAO Guosheng, WANG Yang, NING Ke. Improved Internet of Things Intrusion Detection Model for CNN and RNN[J]. Computer Engineering and Applications, 2023, 59(14): 242-250.

参考文献

[1] MISGRA N，PANDYA S.Internet of things applications，security challenges，attacks，intrusion detection，and future visions：a systematic review[J].IEEE Access，2021，9（10）：59353-59377.
[2] ABIODUN O I，ABIODUN E O，ALAWIDA M，et al.A review on the security of the Internet of things：challenges and solutions[J].Wireless Personal Communications，2021，119（3）：2603-2637.
[3] KHRAISAT A，ALAZAB A.A critical review of intrusion detection systems in the Internet of things：techniques，deployment strategy，validation strategy，attacks，public datasets and challenges[J].Cybersecurity，2021，4（1）：1-27.
[4] ASHARF J，MOUSTAFA N，KHURSHID H，et al.A review of intrusion detection systems using machine and deep learning in Internet of things：challenges，solutions and future directions[J].Electronics，2020，9（7）：1177-1222.
[5] LEE S W，MOHAMMADI M，RASHIDI S，et al.Towards secure intrusion detection systems using deep learning techniques：comprehensive analysis and review[J].Journal of Network and Computer Applications，2021，187（10）：103111-103133.
[6] MOUSTAFA N.A new distributed architecture for evaluating AI-based security systems at the edge：network TON_IoT datasets[J].Sustainable Cities and Society，2021，72（10）：1-36.
[7] WANG W，SHENG Y，WANG J，et al.HAST-IDS：learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection[J].IEEE Access，2017，6（20）：1792-1806.
[8] WU P，GUO H.LuNET：a deep neural network for network intrusion detection[C]//2019 IEEE Symposium Series on Computational Intelligence（SSCI），2019：617-624.
[9] SINHA J，MANOLLAS M.Efficient deep CNN-BiLSTM model for network intrusion detection[C]//Proceedings of the 2020 3rd International Conference on Artificial Intelligence and Pattern Recognition，2020：223-231.
[10] HOSSAIN M D，INOUE H，OCHIAI H，et al.LSTM-based intrusion detection system for in-vehicle can bus communications[J].IEEE Access，2020，8（20）：185489-185502.
[11] LAGHRISSI F E，DOUZI S，DOUZI K，et al.Intrusion detection systems using long short-term memory （LSTM）[J].Journal of Big Data，2021，8（1）：1-16.
[12] ALKAHTANI H，ALDHYANI T H H.Botnet attack detection by using CNN-LSTM model for Internet of things applications[J].Security and Communication Networks，2021，2021（20）：1-23.
[13] FU X，ZHOU N，JIAO L，et al.The robust deep learning-based schemes for intrusion detection in Internet of things environments[J].Annals of Telecommunications，2021，76（5）：273-285.
[14] LIU C，LIU Y，YAN Y，et al.An intrusion detection model with hierarchical attention mechanism[J].IEEE Access，2020，8（15）：67542-67554.
[15] YOU C，WANG Q，SUN C.SBiLSAN：stacked bidirectional self-attention LSTM network for anomaly detection and diagnosis from system logs[C]//Proceedings of SAI Intelligent Systems Conference，2021：777-793.
[16] LO W W，LAYEGHY S，SARHAN M，et al.E-GraphSAGE：a graph neural network based intrusion detection system for IoT[C]//NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium，2022：1-9.
[17] KUMAR P，GUPTA G P，TRIPATHI R.An ensemble learning and fog-cloud architecture-driven cyber-attack detection framework for IoMT networks[J].Computer Communications，2021，166（20）：110-124.
[18] SARHAN M，LAYEGHY S，MOUSTAFA N，et al.Netflow datasets for machine learning-based network intrusion detection systems[M]//Big data technologies and applications.Cham：Springer，2020：117-135.
[19] WANG Z，OATES T.Imaging time-series to improve classification and imputation[C]//Twenty-Fourth International Joint Conference on Artificial Intelligence，2015：3939-3945.
[20] STERGIOU A，POPPE R，KALLIATAKIS G.Refining activation downsampling with SoftPool[C]//Proceedings of the IEEE/CVF International Conference on Computer Vision，2021：10357-10366.
[21] VASWANI A，SHAZEER N，PARMAR N，et al.Attention is all you need[C]//Advances in Neural Information Processing Systems，2017：1-11.