结合Transformer的双向GRU入侵检测研究

doi:10.3778/j.issn.1002-8331.2405-0065

摘要/Abstract

摘要： 在网络入侵检测系统中，以往的系统在特征提取时容易受到噪声特征的干扰，面对不平衡数据时对少数类样本边界区分不明显，同时检测模型容易错过重要时间点的信息。这些问题影响了模型的训练效果，降低了模型的检测性能。为应对这些挑战，提出了一种结合鸽群优化算法和边界合成少数过采样技术的Transformer-双向门控循环单元（bidirectional gated recurrent unit，BiGRU）混合模型。通过鸽群优化算法自动进行特征选择，以提升模型处理复杂数据集的能力，并降低噪声特征的干扰。采用边界合成少数过采样技术对数据进行平衡处理，特别是针对少数类样本，提高其在平衡数据集中的代表性和质量。构建了一个集成Transformer和BiGRU的深度学习模型来进行入侵检测，利用Transformer捕捉全局依赖关系的特征提取能力，同时借助BiGRU的时间序列建模能力来更好地理解序列数据的双向上下文关系。在NSL-KDD数据集上的实验结果表明，该模型展现出了良好的检测性能，准确率达到83.64%，F1分数为78.41%，均超过了对比的传统机器学习模型和深度学习模型。

关键词: 鸽群优化算法, 边界过采样, 多头注意力, 双向循环门控单元, 入侵检测

Abstract: In network intrusion detection systems, previous systems often suffered from interference by noisy features during feature extraction, exhibited poor distinction at the boundaries of minority class samples when dealing with imbalanced data, and the detection models tended to miss important temporal information. Such issues compromised the training effectiveness and diminished the detection performance of the models. To overcome these challenges, this paper introduces a hybrid model that amalgamates the pigeon-inspired optimization (PIO) algorithm and the borderline synthetic minority over-sampling technique (SMOTE) with a Transformer-bidirectional gated recurrent unit (BiGRU). The pigeon-inspired optimization algorithm is utilized for automatic feature selection, enhancing the capability of the model to process complex datasets, and mitigating the impact of noise features. The borderline SMOTE is applied to balance the data, with a specific emphasis on minority class samples, thereby enhancing their representation and quality within the balanced dataset. A deep learning model that integrates Transformer and BiGRU is developed for intrusion detection. This integration exploits the Transformer’s ability to capture global dependencies and the BiGRU’s competence in temporal sequence modeling, enabling a more nuanced understanding of the bidirectional contextual relationships in sequence data. Experimental results derived from the NSL-KDD dataset indicate that the model demonstrates commendable detection performance, attaining an accuracy rate of 83.64% and an F1 score of 78.41%, which surpasses the benchmarks set by traditional machine learning models and other deep learning models used for comparison.

Key words: pigeon-inspired optimization algorithm, Borderline SMOTE, multi-head attention, bidirectional gated recurrent unit, intrusion detection

李道全, 刘旭寅, 刘嘉宇, 陈思慧. 结合Transformer的双向GRU入侵检测研究[J]. 计算机工程与应用, 2025, 61(10): 299-307.

LI Daoquan, LIU Xuyin, LIU Jiayu, CHEN Sihui. Intrusion Detection Research Combining Transformer and Bidirectional GRU[J]. Computer Engineering and Applications, 2025, 61(10): 299-307.

参考文献

[1] LIU Y, WU L J. Intrusion detection model based on improved transformer[J]. Applied Sciences-Basel, 2023, 13(10): 6251.
[2] DíAZ-VERDEJO J, MU?OZ-CALLE J, ALONSO A E, et al. On the detection capabilities of signature-based intrusion detection systems in the context of Web attacks[J]. Applied Sciences-Basel, 2022, 12(2): 852.
[3] KWON H Y, KIM T, LEE M K. Advanced intrusion detection combining signature-based and behavior-based detection methods[J]. Electronics, 2022, 11(6): 867.
[4] XIN Y, KONG L S, LIU Z, et al. Machine learning and deep learning methods for cybersecurity[J]. IEEE Access, 2018, 6: 35365-35381.
[5] ERFANI S M, RAJASEGARAR S, KARUNASEKERA S, et al. High-dimensional and large-scale anomaly detection using a linear one-class SVM with deep learning[J]. Pattern Recognition, 2016, 58: 121-134.
[6] AL-YASEEN W L, IDREES A K, ALMASOUDY F H. Wrapper feature selection method based differential evolution and extreme learning machine for intrusion detection system[J]. Pattern Recognition, 2022, 132: 108912.
[7] 李道全, 祝圣凯, 翟豫阳, 等. 基于特征选择与改进的Tri-training的半监督网络流量分类[J]. 计算机工程与应用，2024, 60(23): 275-285.
LI D Q, ZHU S K, ZHAI Y Y, et al. Semi-supervised network traffic classification based on feature selection and improved tri-training[J]. Computer Engineering and Applications, 2024, 60(23): 275-285.
[8] DAMTEW Y G, CHEN H M, YUAN Z. Heterogeneous ensemble feature selection for network intrusion detection system[J]. International Journal of Computational Intelligence Systems, 2023, 16(1): 9.
[9] 杨彦荣, 宋荣杰, 周兆永. 基于GAN-PSO-ELM的网络入侵检测方法[J]. 计算机工程与应用, 2020, 56(12): 66-72.
YANG Y R, SONG R J, ZHOU Z Y. Network intrusion detection method based on GAN-PSO-ELM[J]. Computer Engineering and Applications, 2020, 56(12): 66-72.
[10] CHAPANERI R, SHAH S. Enhanced detection of imbalanced malicious network traffic with regularized generative adversarial networks[J]. Journal of Network and Computer Applications, 2022, 202: 103368.
[11] SAYEGH H R, DONG W, AL-MADANI A M. Enhanced intrusion detection with LSTM-based model, feature selection, and SMOTE for imbalanced data[J]. Applied Sciences-Basel, 2024, 14(2): 479.
[12] FU Z Y. Computer network intrusion anomaly detection with recurrent neural network[J]. Mobile Information Systems, 2022(1): 6576023.
[13] YAO R Z, WANG N, LIU Z H, et al. Intrusion detection system in the advanced metering infrastructure: a cross-layer feature-fusion CNN-LSTM-based approach[J]. Sensors, 2021, 21(2): 626.
[14] IMRANA Y, XIANG Y P, ALI L, et al. A bidirectional LSTM deep learning approach for intrusion detection[J]. Expert Systems with Applications, 2021, 185: 115524.
[15] XU C Y, SHEN J Z, DU X, et al. An intrusion detection system using a deep neural network with gated recurrent units[J]. IEEE Access, 2018, 6: 48697-48707.
[16] LI L, HU M, REN F J, et al. Temporal attention based TCN-BIGRU model for energy time series forecasting[C]//Proceedings of the 2021 IEEE International Conference on Computer Science, Artificial Intelligence and Electronic Engineering. Piscataway: IEEE, 2021: 187-193.
[17] TAVALLAEE M, BAGHERI E, LU W, et al. A detailed analysis of the KDD CUP 99 data set[C]//Proceedings of the 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications. Piscataway: IEEE, 2009: 1-6.
[18] 段海滨, 叶飞. 鸽群优化算法研究进展[J]. 北京工业大学学报, 2017, 43(1): 1-7.
DUAN H B, YE F. Progresses in pigeon-inspired optimization algorithms[J]. Journal of Beijing University of Technology, 2017, 43(1): 1-7.
[19] ALAZZAM H, SHARIEH A, SABRI K E. A feature selection algorithm for intrusion detection system based on pigeon inspired optimizer[J]. Expert Systems with Applications, 2020, 148: 113249.
[20] SUN Y, QUE H K, CAI Q Q, et al. Borderline SMOTE algorithm and feature selection-based network anomalies detection strategy[J]. Energies, 2022, 15(13): 4751.
[21] WU Z H, ZHANG H, WANG P H, et al. RTIDS: a robust transformer-based approach for intrusion detection system[J]. IEEE Access, 2022, 10: 64375-64387.