Computer Engineering and Applications ›› 2021, Vol. 57 ›› Issue (21): 155-164.DOI: 10.3778/j.issn.1002-8331.2007-0264

Previous Articles     Next Articles

Research on GAN-SDAE-RF Model for Network Intrusion Detection

AN Lei, HAN Zhonghua, LIN Shuo, SHANG Wenli   

  1. 1.Faculty of Information and Control Engineering, Shenyang Jianzhu University, Shenyang 110168, China
    2.Department of Digital Factory, Shenyang Institute of Automation, Chinese Academy of Sciences(CAS), Shenyang 110016, China
    3.Department of Industrial Control Network and System, Shenyang Institute of Automation, Chinese Academy of Sciences, Shenyang 110016, China
    4.Key Laboratory of Network Control System, Chinese Academy of Sciences, Shenyang 110016, China
    5.Institutes for Robotics and Intelligent Manufacturing, Chinese Academy of Sciences, Shenyang 110016, China
  • Online:2021-11-01 Published:2021-11-04



  1. 1.沈阳建筑大学 信息与控制工程学院,沈阳 110168
    2.中国科学院 沈阳自动化研究所 数字工厂研究室,沈阳 110016
    3.中国科学院 沈阳自动化研究所 工业控制网络与系统研究室,沈阳 110016
    4.中国科学院 网络化控制系统重点实验室,沈阳 110016
    5.中国科学院 机器人与智能制造创新研究院,沈阳 110016


Aiming at the problem of low detection rate of rare attacks in traditional machine learning methods when dealing with unbalanced massive high-dimensional data, an intrusion detection model based on deep learning and random forest algorithm is proposed. In order to avoid the problems of low classification accuracy, poor stability and low detection rate of rare attacks when traditional random forests face high-dimensional data and unbalanced data, Generative Adversarial Network and Stacked Denoising Autoencoder are introduced into the Random Forest algorithm for improvement. The rare attack data set is input into the GAN neural network to generate a new attack sample to improve the uneven distribution of network intrusion data in the sample set. The deep-stacked SDAE extracts the distribution rules of the network data layer by layer, and combines the coefficient penalty and reconstruction error of each coding layer to determine the features related to the intrusion behavior in the high-dimensional data. The forest decision tree is constructed based on the characteristic data after dimension reduction.  The experimental results using the UNSW-NB15 data set show that compared with SVM, KNN, CNN, LSTM, and DBN methods, the overall detection accuracy of GAN-SDAE-RF has increased by 9.39% on average, and the FPR and FNR have decreased by 9% and 15.24% on average. The detection rates on Shellcode, Backdoor, and Worms have increased by 26.8%, 27.98%, 27.85%, and 39.97% respectively.

Key words: deep learning, generative adversarial network, stacked denoising autoencoder, random forest



关键词: 深度学习, 生成式对抗网络, 栈式降噪自编码器, 随机森林算法