融合改进采样技术和SRFCNN-BiLSTM的入侵检测方法

doi:10.3778/j.issn.1002-8331.2404-0028

摘要/Abstract

摘要： 针对目前很多入侵检测方法中因数据不平衡和特征冗余导致检测率低等问题，提出融合改进采样技术和SRFCNN-BiLSTM的入侵检测方法。设计一种FBS-RE混合采样算法，即Borderline-SMOTE过采样和RENN欠采样同时对多数类和少数类样本进行处理，解决数据不平衡问题。利用堆叠降噪自动编码器（stacked denoising auto encoder， SDAE）进行数据降维，减少噪声对数据的影响，去除冗余特征。采用改进的卷积神经网络（split residual fuse convolutional neural network，SRFCNN）和双向长短期记忆网络（bi-directional long short-term memory，BiLSTM）更好地提取数据中的空间和时间特征，结合注意力机制对特征分配不同的权重，获得更好的分类能力，提高对少数攻击流量的检测率。最后，在UNSW-NB15数据集上对模型进行验证，准确率和F1分数为89.24%和90.36%，优于传统机器学习和深度学习模型。

关键词: 入侵检测, 不平衡处理, 堆叠降噪自动编码器, 卷积神经网络, 注意力机制

Abstract: In response to the issues of low detection rates caused by data imbalance and feature redundancy in many current intrusion detection methods, an intrusion detection approach integrating improved sampling techniques and SRFCNN-BiLSTM is proposed. Firstly, an FBS-RE hybrid sampling algorithm is designed, which combines Borderline-SMOTE oversampling and RENN undersampling to simultaneously process both majority and minority class samples, addressing the data imbalance problem. Secondly, stacked denoising autoencoder (SDAE) are utilized for data dimensionality reduction, minimizing the impact of noise and eliminating redundant features. Then, an improved convolutional neural network (split residual fuse convolutional neural networks, SRFCNN) and bidirectional long short-term memory network (BiLSTM) are employed to better extract spatial and temporal features from the data, an attention mechanism is incorporated to assign different weights to features, enhancing classification capabilities and improving detection rates of minority attack traffic. Finally, the model is validated on the UNSW-NB15 dataset, achieving accuracy and F1 scores of 89.24% and 90.36%, respectively, outperforming traditional machine learning and deep learning models.

Key words: intrusion detection, unbalanced treatment, stacked denoising autoencoder, convolutional neural networks, attention mechanism

中图分类号:

陈虹, 由雨竹, 金海波, 武聪, 邹佳澎. 融合改进采样技术和SRFCNN-BiLSTM的入侵检测方法[J]. 计算机工程与应用, 2025, 61(9): 315-324.

CHEN Hong, YOU Yuzhu, JIN Haibo, WU Cong, ZOU Jiapeng. Fusion of Improved Sampling Technology and SRFCNN-BiLSTM Intrusion Detection Method[J]. Computer Engineering and Applications, 2025, 61(9): 315-324.

参考文献

[1] CHOU D, JIANG M. A survey on data-driven network intrusion detection[J]. ACM Computing Surveys (CSUR), 2021, 54(9): 1-36.
[2] CHOUBISA M, DOSHI R, KHATRI N, et al. A simple and robust approach of random forest for intrusion detection system in cyber security[C]//Proceedings of the 2022 International Conference on IoT and Blockchain Technology (ICIBT), 2022: 1-5.
[3] SU Y, QI K, DI C, et al. Learning automata based feature selection for network traffic intrusion detection[C]//Proceedings of the 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC), 2018: 622-627.
[4] WANG H, GU J, WANG S. An effective intrusion detection framework based on SVM with feature augmentation[J]. Knowledge-Based Systems, 2017, 136: 130-139.
[5] WU T, FAN H, ZHU H, et al. Intrusion detection system combined enhanced random forest with SMOTE algorithm[J]. EURASIP Journal on Advances in Signal Processing, 2022, 2022(1): 39.
[6] 刘涛涛, 付钰, 王坤, 等.基于VAE-CWGAN和特征统计重要性融合的网络入侵检测方法[J].通信学报, 2024, 45(2):54-67.
LIU T T, FU Y, WANG K, et al.Network intrusion detection method based on VAE-CWGAN and fusion of statistical importance of feature[J]. Journal on Communications, 2024, 45 (2): 54-67.
[7] MUSHTAQ E, ZAMEER A, UMER M, et al. A two-stage intrusion detection system with auto-encoder and LSTMs[J]. Applied Soft Computing, 2022, 121: 108768.
[8] SAYEGH H R, DONG W, AL-MADANI A M. Enhanced intrusion detection with LSTM-based model, feature selection, and SMOTE for imbalanced data[J]. Applied Sciences, 2024, 14(2): 479.
[9] 高忠石, 苏旸, 柳玉东.基于PCA-LSTM的入侵检测研究[J]. 计算机科学, 2019, 46(S2): 473-476.
GAO Z S, SU Y, LIU Y D. Study on intrusion detection based on PCA-LSTM[J]. Computer Science, 2019, 46(S2): 473-476.
[10] 杨晓文, 张健, 况立群, 等.融合CNN-BiGRU和注意力机制的网络入侵检测模型[J]. 信息安全研究, 2024, 10(3): 202-208.
YANG X W, ZHANG J, KUANG L Q, et al.A network intrusion detection model integrating CNN-BiGRU and attention mechanism[J]. Journal of Information Security Research, 2024, 10 (3): 202-208.
[11] GUPTA N, JINDAL V, BEDI P. LIO-IDS: handling class imbalance using LSTM and improved one-vs-one technique in intrusion detection system[J]. Computer Networks, 2021, 192: 108076.
[12] Al-TURAIKI I, ALTWAIJRY N. A convolutional neural networkfor improved anomaly-based network intrusion detetion[J]. Big Data, 2021, 9(3): 233-252.
[13] MA Z, LI J, SONG Y, et al. Network intrusion detectionmethod based on FCWGAN and BiLSTM[J]. Computational Intelligence and Neuroscience, 2022, 2022: 6591140.
[14] PENG K, LEUNG V C M, ZHENG L, et al. Intrusion detection system based on decision tree over big data in fog environment[J]. Wireless Communications and Mobile Computing, 2018, 2018(1): 4680867.
[15] 张玉清, 董颖, 柳彩云, 等.深度学习应用于网络空间安全的现状、趋势与展望[J]. 计算机研究与发展, 2018, 55(6): 1117-1142.
ZHANG Y Q, DONG Y, LIU C Y, et al.Situation, trends and prospects of deep learning applied to cyberspace security [J]. Journal of Computer Research and Development, 2018, 55(6): 1117-1142.
[16] HOCHREITER S, SCHMIDHUBER J. Long short-term memory[J]. Neural Computation, 1997, 9(8): 1735-1780.
[17] 李洋, 董红斌.基于CNN和BiLSTM网络特征融合的文本情感分析[J]. 计算机应用, 2018, 38(11): 3075-3080.
LI Y, DONG H B. Text sentiment analysis based on feature fusion of convolution neural network and bidirectional long short-term network[J]. Journal of Computer Applications, 2018, 38(11): 3075-3080.
[18] ALMOGREN A S. Intrusion detection in edge-of-things computing[J]. Journal of Parallel and Distributed Computing, 2020, 137: 259-265.
[19] CHICCO D, SADOWSKI P, BALDI P. Deep autoencoder neural networks for gene ontology annotation predictions[C]//Proceedings of the 5th ACM Conference on Bioinformatics, Computational Biology, and Health Informatics, 2014: 533-540.
[20] 朱铭康, 卢先领. 基于Bi-LSTM-Attention模型的人体行为识别算法[J]. 激光与光电子学进展, 2019, 56(15):153-161.
ZHU M K, LU X L. Human action recognition algorithm based on Bi-LSTM-Attention model[J]. Laser & Optoelectronics Progress, 2019, 56(15): 153-161.
[21] VINCENT P, LAROCHELLE H, LAJOIE I, et al. Stacked denoising autoencoders: learning useful representations in a deep network with a local denoising criterion[J]. Journal of Machine Learning Research, 2010, 11(12): 3371-3408.
[22] DHANABAL L, SHANTHARAJAH S P. A study on NSL-KDD dataset for intrusion detection system based on classification algorithms[J]. International Journal of Advanced Research in Computer and Communication Engineering, 2015, 4(6): 446-452.
[23] TAVALLAEE M, BAGHERI E, LU W, et al. A detailed analysis of the KDD CUP 99 data set[C]//Proceedings of the 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, 2009: 1-6.
[24] MOUSTAFA N, SLAY J. The evaluation of network anomaly detection systems: statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set[J]. Information Security Journal: A Global Perspective, 2016, 25(1/2/3): 18-31.
[25] DING Y, ZHAI Y. Intrusion detection system for NSL- KDD dataset using convolutional neural networks[C]//Proceedings of the 2018 2nd International Conference on Computer Science and Artificial Intelligence, 2018: 81-85.
[26] SHARAFALDIN I, LASHKARI A H, GHORBANI A A. Toward generating a new intrusion detection dataset and intrusion traffic characterization[C]//Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP 2018) , 2018: 108-116.
[27] LIN Y, WANG J, TU Y, et al. Time-related network intrusion detection model: a deep learning method[C]//Proceedings of the 2019 IEEE Global Communications Conference (GLOBECOM), 2019: 1-6.
[28] 王相月, 赵利辉. 基于多阶段特征选择和CNN-GRU的网络入侵检测模型[J]. 中北大学学报(自然科学版), 2024, 45(1): 66-73.
WANG X Y, ZHAO L H. Network intrusion detection model based on multi-stage feature selection and CNN-GRU [J]. Journal of North University of China(Natural Science Edition), 2024, 45(1): 66-73.
[29] SHOU D, LI C, WANG Z, et al. An intrusion detection method based on attention mechanism to improve CNN-BILSTM model[J]. The Computer Journal, 2024, 67(5): 1851-1865.