基于聚类和非对称自编码的低频攻击检测方法  

作　　者：聂俊珂 马鹏 苏旸 王绪安[1,2] NIE Junke;MA Peng;SU Yang;WANG Xu’an(College of Cryptographic Engineering,Engineering University of Armed Police Force,Xi’an 710086,China;Key Laboratory of Network and Information Security of Armed Police Force,Engineering University of Armed Police Force,Xi’an 710086,China)

机构地区：[1]武警工程大学密码工程学院,陕西西安710086 [2]武警工程大学网络与信息安全武警部队重点实验室,陕西西安710086

出　　处：《现代电子技术》2020年第20期87-91,共5页Modern Electronics Technique

基　　金：国家自然科学基金资助项目(61772550);国家自然科学基金资助项目(U1636114);国家自然科学基金资助项目(61572521)。

摘　　要：针对传统网络入侵检测方法无法有效检测高维网络下的低频攻击问题,提出一种结合聚类方法与非对称堆叠去噪自动编码器(ASDA)进行改进的入侵检测方法。该方法首先利用非对称堆叠去噪自动编码器对网络入侵数据进行数据特征提取和降维的操作,将输出结果进行重构平衡。将平衡重构后的数据集作为输入,利用改进K均值和密度聚类(DBSCAN)相结合的聚类分析技术进行特征选择,将选择后的特征数据作为输入,利用浅层学习分类器随机森林(RF)进行分类识别。实验结果证明,该文方法与传统入侵检测方法相比,提升了高维网络下低频攻击的检测准确率及效率,同时降低了误报率。In allusion to the problem that the traditional network intrusion detection method cannot effectively detect low⁃frequency attack in the high⁃dimensional networks,a improved intrusion detection method combing the clustering method with the asymmetric stacked denosing autoencoder(ASDA)is proposed.In this method,the ASDA is utilized to extract data features and reduce dimension of network intrusion data,and then the output results are reconstructed to balance dataset.The reconstructed equilibrium dataset is taken as the input,and the clustering analysis technology combing the improved K⁃Means and density⁃based spatial clustering of applications with noise(DBSCAN)is utilized to select the feature data.The selected feature data is used as input,and the shallow learning classifier random forests(RF)is used to conduct the classification and identification.The experimental results show that,in comparison with the traditional intrusion detection method,this method can promote the accuracy and efficiency of low⁃frequency attacks detection in high⁃dimensional networks,and reduce the false alarm rate.

关 键 词：低频攻击 入侵检测 高维网络 聚类分析 特征提取 分类识别 

分 类 号：TN752-34[电子电信—电路与系统] TP393[自动化与计算机技术—计算机应用技术]