Computer Engineering and Applications ›› 2021, Vol. 57 ›› Issue (19): 142-149.DOI: 10.3778/j.issn.1002-8331.2006-0220

Previous Articles     Next Articles

Intrusion Detection Method Based on Two-Layer Attention Networks

CAO Lei, LI Zhanbin, YANG Yongsheng, ZHAO Longfei   

  1. 1.National Marine Data and Information Service, Tianjin 300171, China
    2.Institute of Public Safety Research, Tsinghua University, Beijing 100084, China
  • Online:2021-10-01 Published:2021-09-29

基于双层注意力神经网络的入侵检测方法

曹磊,李占斌,杨永胜,赵龙飞   

  1. 1.国家海洋信息中心,天津 300171
    2.清华大学 公共安全研究院,北京 100084

Abstract:

Network-based intrusion detection technology, as an important security protection means, plays an important role in timely detection of network attacks. Currently, machine learning algorithms using feature engineering are common methods for detecting and analyzing network intrusions, but manually designed features often lose important information of payload data. In addition, different data packets in the network attack traffic play different roles in intrusion detection, but most existing algorithms are not capable of capturing important information. To address the above problems, this paper proposes a new deep learning model L2-AMNN, which directly extracts the raw network traffic payload data as samples without complex feature engineering, and introduces a two-layer attention on the basis of bidirectional Long Short-Term Memory(LSTM) network to capture keyword bytes information and data packets information to generate more accurate feature vectors of intrusion detection. The experimental results show that compared with SVM, DNN, LSTM and other models, L2-AMNN improves the accuracy and detection rate of network intrusion detection by an average of 4.05% and 2.48%, and reduces the false alarm rate and miss rate by an average of 4.41% and 2.61%, and the overall detection performance is better than other similar models.

Key words: cyber security, intrusion detection, deep learning, attention mechanism, Long Short-Term Memory(LSTM)

摘要:

基于网络的入侵检测技术作为一种重要的安全防护手段,对及时发现网络攻击行为起着重要的作用。目前,采用特征工程的机器学习算法是检测分析网络入侵的常用方法,但是人工设计的特征往往会丢失有效载荷的重要信息;另外,网络攻击流量中的不同数据包信息在入侵检测中所起的作用是不同的,而现有算法大都对重要信息的捕捉能力不足。针对上述问题,提出了一种新的深度学习模型L2-AMNN,无需复杂的特征工程,直接提取原始网络流量的有效载荷数据作为样本,在双向长短时记忆神经网络基础上,引入双层注意力机制,捕获关键字节信息和数据包信息,生成更加准确的入侵检测特征向量。实验结果表明,与SVM、DNN、LSTM等模型相比,L2-AMNN对网络入侵检测的准确率、检出率平均提升了4.05%和2.48%,同时误报率、漏报率平均降低了4.41%和2.61%,总体检测性能优于其他同类模型。

关键词: 网络安全, 入侵检测, 深度学习, 注意力机制, 长短时记忆神经网络