Computer Engineering and Applications, 2022, Vol. 58, Issue (13): 119-127. DOI: 10.3778/j.issn.1002-8331.2103-0443

• Network, Communication and Security •

Intrusion Detection Algorithm Combining Convolutional Neural Network and Three-Branch Decision

WU Qirui, HUANG Shucheng   

  1. College of Computer, Jiangsu University of Science and Technology, Zhenjiang, Jiangsu 212003, China
  • Online: 2022-07-01 Published: 2022-07-01


Abstract: As network intrusion behaviors become more diverse and intelligent, traditional intrusion detection algorithms suffer from inadequate feature extraction and inaccurate classification when processing massive, non-linear data with high-dimensional features. To address this, an intrusion detection algorithm combining a convolutional neural network (CNN) with three-way decision (TWD) is proposed. The convolutional neural network has superior feature extraction ability, while three-way decision avoids the risk of blind classification caused by insufficient information and reduces the time spent on classification. The method uses the convolutional neural network to extract features from high-dimensional data and construct a multi-granularity feature space. It then makes immediate decisions on network behavior based on three-way decision theory. Network behavior that cannot be decided immediately receives a deferred decision: its features are extracted again to construct feature spaces of different granularity. Finally, the classification results are output. Experimental results on the NSL-KDD and CIC-IDS2017 data sets show that the proposed algorithm can improve the performance of an intrusion detection system.

Key words: convolutional neural network (CNN), three-way decision (TWD), feature extraction, intrusion detection
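
The decision flow described in the abstract (decide immediately when confident, otherwise defer and re-examine the sample at a different granularity) can be sketched as below. This is an added example, not the paper's code: the thresholds `ALPHA` and `BETA`, the logistic stand-in scorers that take the place of the CNN feature extractors, and the sample feature vectors are all constructed assumptions.

```python
import math
from typing import Callable, List, Sequence, Tuple

# Assumed thresholds (not from the paper): accept "attack" at p >= ALPHA,
# accept "normal" at p <= BETA, and defer anything in between.
ALPHA, BETA = 0.8, 0.2

Scorer = Callable[[Sequence[float]], float]


def make_scorer(weights: Sequence[float], bias: float) -> Scorer:
    """Stand-in for one granularity level: a logistic score over the first
    len(weights) features. In the paper this role is played by CNN features."""
    def score(x: Sequence[float]) -> float:
        z = sum(w * v for w, v in zip(weights, x)) + bias
        return 1.0 / (1.0 + math.exp(-z))
    return score


def three_way(p: float, alpha: float = ALPHA, beta: float = BETA) -> str:
    """Three-way decision on an attack probability p."""
    if p >= alpha:
        return "attack"
    if p <= beta:
        return "normal"
    return "defer"


def sequential_decide(x: Sequence[float], scorers: List[Scorer]) -> Tuple[str, int]:
    """Walk from coarse to fine granularity; return (label, level decided at).
    The last level has no further granularity, so it forces a two-way decision."""
    for level, score in enumerate(scorers):
        p = score(x)
        if level == len(scorers) - 1:
            return ("attack" if p >= 0.5 else "normal"), level
        decision = three_way(p)
        if decision != "defer":
            return decision, level
    raise ValueError("at least one scorer is required")


# Constructed levels: each finer level looks at one more feature.
SCORERS = [make_scorer((4,), -2), make_scorer((3, 3), -3), make_scorer((2, 2, 2), -3)]
# Constructed, normalised feature vectors (not taken from NSL-KDD or CIC-IDS2017).
SAMPLES = [(0.95, 0.9, 0.9), (0.05, 0.1, 0.1), (0.6, 0.9, 0.2), (0.55, 0.5, 0.1)]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, sequential_decide(s, SCORERS))
```

Only samples that fall between the two thresholds pay for the finer levels, which is where the abstract's reduction in classification time comes from.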
