Abstract
Network intrusion detection is an important technique in cybersecurity, and anomalous traffic detection is a key technology within it. To address the high false alarm rates and low efficiency of traditional detection models, this paper proposes an anomalous traffic detection model based on a multi-head attention fused gated recurrent unit-convolutional neural network model (MA-GRUCNN). XGBoost is used for feature dimensionality reduction, and the reduced data is fed into the MA-GRUCNN model, where a convolutional neural network (CNN) extracts high-dimensional features from the traffic data, an attention mechanism captures global dependencies, and a gated recurrent unit (GRU) captures long-term dependencies in the time series. Experimental results on the NSL-KDD dataset show that the model outperforms other methods in detection accuracy, precision, recall, and F1 score, with a detection accuracy as high as 97.45%.
Key words
CNN /
GRU /
feature extraction /
network traffic /
anomaly detection