计算机工程与应用 ›› 2022, Vol. 58 ›› Issue (10): 116-124.DOI: 10.3778/j.issn.1002-8331.2102-0062

• 网络、通信与安全 • 上一篇    下一篇

基于CNN_BiLSTM网络的入侵检测方法

马明艳,陈伟,吴礼发   

  1. 南京邮电大学 计算机学院、软件学院、网络空间安全学院,南京 210023
  • 出版日期:2022-05-15 发布日期:2022-05-15

CNN_BiLSTM Network Based Intrusion Detection Method

MA Mingyan, CHEN Wei, WU Lifa   

  1. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
  • Online:2022-05-15 Published:2022-05-15

摘要: 网络攻击事件频发,正确高效地检测攻击行为对网络安全至关重要。该方法基于一维卷积神经网络和双向长短期记忆网络引入自注意力机制来检测恶意行为。首先借助随机森林来选择重要的特征作为模型输入以减少输入数据的冗余问题,之后利用一维卷积神经网络和双向长短期记忆网络分别提取空间特征和时间特征,将二者提取的特征“并联”得到融合特征,为了让有用的输入信息得到更好表达,引入了自注意力机制给融合后的特征分配不同的权重,用门控循环单元模型训练,最后利用softmax函数进行分类。为了验证模型的有效性,在UNSW_NB15数据集上进行了评估,实验表明该模型比单一的模型有着明显的性能提升。该方法将特征选择和深度学习模型相融合,能够有效去除噪声冗余,加快模型训练速度,具有较好的应用前景。

关键词: 特征选择, 一维卷积, 双向长短期记忆网络, 自注意力机制, 入侵检测

Abstract: As network attacks frequently occur, correct and efficient detection against attack behavior is essential to network security. To detect malicious behavior, this paper proposes a self-attention mechanism using one-dimensional convolutional neural network(1D CNN) and bidirectional long short-term memory network(BiLSTM). Firstly, random forest is used to select important features as model inputs to reduce the redundancy of input data. Then 1D CNN and BiLSTM are applied to extract spatial and temporal features respectively. The features extracted by the two parallel are merged to obtain the fused features. In order to express useful input information better, the proposed method introduces self-attention mechanism to assign different weights for the fused features, trains them with a gated recurrent unit(GRU) model, and finally uses the softmax function for classification. In order to verify the effectiveness of the model, an evaluation is conducted on the UNSW_NB15 dataset. Experiments show that the model has a significant performance improvement over a single model. This paper combines feature selection and deep learning model, which can effectively remove noise redundancy, speed up model training, and has a good application prospect.

Key words: feature selection, one-dimensional convolution, bidirectional long short-term memory network, self-attention mechanism, intrusion detection