基于半监督学习的无线网络攻击行为检测优化方法  被引量：43

作　　者：王婷[1,2] 王娜 崔运鹏[1,2] 李欢 Wang Ting;Wang Na;Cui Yunpeng;Li Huan(Agricultural Information Institute,Chinese Academy of Agricultural Sciences,Beijing 100081;Key Laboratory of Big Agri-Data(Agricultural Information Institute,Chinese Academy of Agricultural Sciences),Ministry of Agriculture and Rural Areas,Beijing 100081;Unit 96962,Beijing 102206)

机构地区：[1]中国农业科学院农业信息研究所,北京100081 [2]农业农村部农业大数据重点实验室(中国农业科学院农业信息研究所),北京100081 [3]96962部队,北京102206

出　　处：《计算机研究与发展》2020年第4期791-802,共12页Journal of Computer Research and Development

基　　金：国家自然科学基金项目(61672101);中国农业科学院基本科研业务费院级项目(Y2020XC15)。

摘　　要：针对如何优化深度学习技术在海量高维复杂的无线网络流量数据中有效发现异常攻击行为的问题,提出一种基于半监督学习的无线网络攻击行为检测优化方法(WiFi network attacks detection optimization method,WiFi-ADOM).首先基于无监督学习模型栈式稀疏自编码器提出2种网络流量特征表示向量:新特征值向量和原始特征权重值向量.然后利用原始特征权重值向量初始化监督学习模型深度神经网络的权重值得到网络攻击类型的预判结果,并通过无监督学习聚类方法Bi-kmeans对网络流量的新特征值向量进行聚类以生成未知攻击类型判别纠正项.最后结合预判结果和未知攻击类型判别纠正项,得到网络攻击类型的最终判定结果.通过和已有研究方法对比,在公开无线网络攻击行为数据集AWID上验证了WiFi-ADOM方法对网络攻击行为检测的优化性能,同时探索了与网络攻击检测相关的重要特征属性的问题.实验结果表明:WiFi-ADOM方法在保证准确率等检测性能的同时能够有效检测未知攻击类型,具备优化网络攻击行为检测的能力.Aiming to optimize the attacks detection in high-dimensional and complex wireless network traffic data with deep learning technology,this paper proposed a WiFi-ADOM(WiFi network attacks detection optimization method)based on semi-supervised learning.Firstly,based on stacked sparse auto-encoder(SSAE),which is an unsupervised learning model,two types of network traffic feature representation vectors are proposed:new feature value vector and original feature weight value vector.Then,the original feature weight value vector is used to initialize the weight value of the supervised learning model deep neural network to obtain the preliminary result of the attack type,and the unsupervised learning clustering method Bi-kmeans is used to produce the corrective term for unknown attacks discrimination with the new feature value vectors.Finally,the preliminary result of the attack type and the corrective term of the unknown attacks discrimination are combined to obtain the final result of the attack type.Compared with the existing attacks detection methods with the public wireless network traffic data set AWID,the optimal performance of the method of WiFi-ADOM for network attacks detection is verified.At the same time,the importance of features in network attacks detection is explored.The results show that the method of WiFi-ADOM can effectively detect unknown attacks while ensuring detection performance.

关 键 词：网络攻击行为检测 网络入侵检测 半监督学习 深度学习 Bi-kmeans聚类 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]