融合改进堆叠编码器和多层BiLSTM的入侵检测模型

doi:10.3778/j.issn.1002-8331.2312-0017

摘要/Abstract

摘要： 针对基于机器学习入侵检测模型需要大量特征工程，且对不平衡数据处理欠佳，导致检测率低、误报率高等问题。构建了一种SE-MBL的入侵检测模型。采用自适应合成采样（ADASYN）方法对少数类样本进行样本扩展，解决数据不平衡问题，形成相对对称的数据集。采用改进的堆叠自编码器进行数据降维，消除特征冗余，并引入Dropout机制来增强信息融合，提升模型的泛化能力。提出一种融合一维CNN和多层BiLSTM的模块，分别提取空间特征和时间特征，以提高模型的分类性能。在NSL-KDD和CICIDS2017数据集上的实验结果表明，该模型可以实现较高的正确率和召回率，优于传统机器学习和深度学习方法。

关键词: 网络安全, 入侵检测, 数据不平衡, 数据降维, 多层BiLSTM

Abstract: Aiming at the problems of machine learning-based intrusion detection model that requires a large amount of feature engineering and poorly handles unbalanced data, resulting in low detection rate and high false alarm rate. An intrusion detection model for SE-MBL is constructed. Firstly, the adaptive synthetic sampling (ADASYN) method is used to expand the samples of a few classes of samples to solve the data imbalance problem and form a relatively symmetric dataset. Secondly, an improved stacked self-encoder is used for data dimensionality reduction to eliminate feature redundancy, and a Dropout mechanism is introduced to enhance information fusion and improve the generalization ability of the model. Finally, a module that fuses one-dimensional CNN and multilayer BiLSTM is proposed to extract spatial and temporal features respectively to improve the classification performance of the model. Experimental results on NSL-KDD and CICIDS2017 datasets show that the model can achieve high correctness and recall, outperforming traditional machine learning and deep learning methods.

Key words: cybersecurity, intrusion detection, data imbalance, data dimensionality reduction, multilayer BiLSTM

陈虹, 姜朝议, 金海波, 武聪, 卢健波. 融合改进堆叠编码器和多层BiLSTM的入侵检测模型[J]. 计算机工程与应用, 2025, 61(3): 306-314.

CHEN Hong, JIANG Chaoyi, JIN Haibo, WU Cong, LU Jianbo. Fusion of Improved Stacked Encoder and Multi-Layer BiLSTM for Intrusion Detection Model[J]. Computer Engineering and Applications, 2025, 61(3): 306-314.

参考文献

[1] KHRAISAT A, GONDAL I, VAMPLEW P, et al. Survey of intrusion detection systems: techniques, datasets and challenges[J]. Cybersecurity, 2019, 2(1): 1-20.
[2] LI A D, LI X Q, QIAN W, et al. A multi-level intrusion detection method based on KNN outlier detectionand random forests[J]. Journal of Computer Research and Development, 2019, 56(3): 566-570.
[3] SHAPOORIFARD H, SHAMSINEJAD P. Intrusion detection using a novel hybrid method incorporating an improved KNN[J]. International Journal of Computer Applications, 2017, 173(1): 5-9.
[4] XIE X, JIANG X Y, WANG W R, et al. An intrusion detection method based on hierarchical feature learning and its application[C]//Proceedings of the 11th International Symposium on Cyberspace Safety and Security, Guangzhou, 2019: 13-20.
[5] 郭旭东, 李小敏, 敬如雪, 等. 基于改进的稀疏去噪自编码器的入侵检测[J]. 计算机应用, 2019, 39(3): 769-773.
GUO X D, LI X M, JING R X, et al. Intrusion detection based on improved sparse denoising autoencoder[J]. Journal of Computer Applications, 2019, 39(3): 769-773.
[6] XIAO Y H, XING C, ZHANG T N, et al. An intrusion detection model based on feature reduction and convolutional neural networks[J]. IEEE Access, 2019, 7: 42210-42219.
[7] NASEER S. Enhanced network intrusion detection using deep convolutional neural networks[J]. KSII Transactions on Internet & Information Systems, 2018, 12(10): 5159-5178.
[8] YAN B H, HAN G D. Combinatorial intrusion detection model based on deep recurrent neural network and improved SMOTE algorithm[J]. Chinese Journal of Network and Infor-mation Security, 2018, 4(7): 48-59.
[9] YAN B H, HAN G D. LA-GRU: building combined intrusion detection model based on imbalanced learning and gated recurrent unit neural network[J]. Security and Communication Networks, 2018: 6026878.
[10] QU F, ZHANG J, SHAO Z, et al. An intrusion detectionmodel based on deep belief network[C]//Proceedings of the 2017 VI International Conference on Network, Communication and Computing, 2017: 97-101.
[11] 高忠石, 苏旸, 柳玉东. 基于 PCA-LSTM 的入侵检测研究[J]. 计算机科学, 2019, 46(11A): 473-476.
GAO Z S, SU Y, LIU Y D. Research on intrusion detection based on PCA-LSTM[J]. Computer Science, 2019, 46(11A): 473-476
[12] TIAN Q, LI J M, LIU H B. A method for guaranteeing wireless communication based on a combination of deep and shallow learning[J]. IEEE Access, 2019, 7: 38688-38695.
[13] ZHANG J W, LING Y, FU X B, et al. Model of the intrusion detection system based on the integration of spatial-temporal features[J]. Computers & Security, 2020, 89: 101681.
[14] HE H B, BAI Y, GARCIA E A, et al. ADASYN: adaptive synthetic sampling approach for imbalanced learning[C]//Proceedings of the 2008 IEEE International Joint Conference on Neural Networks (IEEE World Congress on Computational Intelligence), Hong Kong, China, 2008: 1322-1328.
[15] MENG Q X, CATCHPOOLE D, SKILLICOM D, et al. Relational autoencoder for feature extraction[C]//Proceedings of the 2017 International Joint Conference on Neural Networks (IJCNN), Anchorage, AK, USA, 2017: 364-371.
[16] TAVALLAEE M, BAGHERI E, LU W. et al. A detailed analysis of the KDD CUP 99 data set[C]//Proceedings of the 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, Ottawa, ON, Canada, 2009: 1-6.
[17] SHARAFALDIN I, LASHKARI A H, GHORBANI A A. Toward generating a new intrusion detection dataset and intrusion traffic characterization[C]//Proceedings of the 4th International Conference on Information Systems Security and Privacy, 2018: 108-116.
[18] SU T T, SUN H Z, ZHU J Q, et al. BAT: deep learning methods on network intrusion detection using NSL-KDD dataset[J]. IEEE Access, 2020, 8: 29575-29585.
[19] IERACITANO C, ADEEL A, MORABITO F C, et al. A novel statistical analysis and autoencoder driven intelligent intrusion detection approach[J]. Neurocomputing, 2020, 387: 51-62.
[20] JIANG K Y, WANG W Y, WANG A L, et al. Network intrusion detection combined hybrid sampling with deep hierarchical network[J]. IEEE Access, 2020, 8: 32464-32476.
[21] YU Y W, BIAN N Z. An intrusion detection method using few-shot learning[J]. IEEE Access, 2020, 8: 49730-49740.
[22] BINBUSAYYIS A, VAIYAPURI T. Identifying and benchmarking key features for cyber intrusion detection: an ensemble approach[J]. IEEE Access, 2019, 7: 106495-106513.
[23] VINAYAKUMAR R, ALAZAB M, SOMAN K P, et al. Deep learning approach for intelligent intrusion detection system[J]. IEEE Access, 2019, 7: 41525-41550.
[24] CHIBA Z, ABGHOUR N, MOUSSAID K, et al. Intelligent approach to build a deep neural network based IDS for cloud environment using combination of machine learning algorithms[J]. Computers & Security, 2019, 86: 291-317.