融合WaveNet和BiGRU的网络入侵检测方法  被引量：17

作　　者：马泽煊 李进[1] 路艳丽[1] 陈晨 MA Zexuan;LI Jin;LU Yanli;CHEN Chen(School of Air and Missile Defense,Air Force Engineering University,Xi’an 710051,China;Xi’an Satellite Control Center,Xi’an 710043,China)

机构地区：[1]空军工程大学防空反导学院,陕西西安710051 [2]西安卫星测控中心,陕西西安710043

出　　处：《系统工程与电子技术》2022年第8期2652-2660,共9页Systems Engineering and Electronics

基　　金：国家自然科学基金(61703426,61806219,61876189);陕西省高校科协青年人才托举计划(20190108);陕西省创新能力支撑计划(2020KJXX-065)资助课题。

摘　　要：为解决当前入侵检测算法对于网络入侵的多分类准确率普遍不高的问题,鉴于网络入侵数据具有时间序列特性,提出一种融合WaveNet和双向门控循环单元(bi-directional gated recurrent unit, BiGRU)的网络入侵检测方法。为解决原始攻击数据分布广、离散性强的问题,首先对数据进行独热编码及归一化处理,之后使用WaveNet进行卷积操作,对数据进行序列缩短处理,同时使用最大、平均池化融合的方法全面提取数据特征,最后由BiGRU完成对模型的训练并实现分类。基于NSL-KDD、UNSW-NB15以及CIC-IDS2017数据集进行了对比实验,结果表明,所提方法对于上述数据集的准确率分别能够达到99.62%、83.98%以及99.86%,较同类型的CNN-BiLSTM分别提升了0.4%、1.9%以及0.1%。In order to solve the problem that the accuracy of current intrusion detection algorithms for network intrusion multi classification is generally not high, in view of the time series characteristics of network intrusion data, a network intrusion detection method combining WaveNet and bi-directional gated recurrent unit(BiGRU) is proposed. In order to solve the problem of wide distribution and strong discreteness of the original attack data, the data is encoded and normalized firstly. Then the WaveNet is used for convolution operation to shorten the sequence of the data, and the data features are extracted by the maximum and average pooling parallel method. Finally, BiGRU completes the training of the model and realizes the classification. Based on NSL-KDD, UNSW-NB15 and CIC-IDS2017 data set, a comparative experiment is carried out. The results show that the accuracy of the proposed method for the above data sets can reach 99.62%, 83.98% and 99.86% respectively, which is 0.4%, 1.9% and 0.1% higher than that of CNN-BiLSTM of the same type.

关 键 词：入侵检测 双向门控循环单元 池化融合 特征提取 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]