基于双向循环生成对抗网络的无线传感网入侵检测方法  被引量：18

作　　者：刘拥民[1,2] 杨钰津 罗皓懿 黄浩 谢铁强 LIU Yongmin;YANG Yujin;LUO Haoyi;HUANG Hao;XIE Tieqiang(School of Computer and Information Engineering,Central South University of Forestry and Technology,Changsha Hunan 410004,China;Smart Forest Cloud Research Center,Central South University of Forestry and Technology,Changsha Hunan 410004,China)

机构地区：[1]中南林业科技大学计算机与信息工程学院,长沙410004 [2]中南林业科技大学智慧林业云研究中心,长沙410004

出　　处：《计算机应用》2023年第1期160-168,共9页journal of Computer Applications

基　　金：国家自然科学基金资助项目(31870532);湖南省自然科学基金资助项目(2021JJ31163);湖南省教育科学“十三五”规划2020年度基金资助项目(XJK20BGD048)。

摘　　要：针对无线传感器网络(WSN)入侵检测方法在离散高维特征的不平衡数据集上检测精度低和泛化能力差的问题,提出一种基于双向循环生成对抗网络的WSN入侵检测方法 BiCirGAN。首先,引入对抗学习异常检测(ALAD)通过潜在空间合理地表示高维、离散的原始特征,提高对原始特征的可理解性。其次,采用双向循环对抗的结构确保真实空间和潜在空间双向循环的一致性,从而保证生成对抗网络(GAN)训练的稳定性,并提高异常检测的性能。同时,引入Wasserstein距离和谱归一化优化方法改进GAN的目标函数,以进一步解决GAN的模式崩坏与生成器缺乏多样性的问题。最后,由于入侵攻击数据的统计属性随时间以不可预见的方式变化,建立带有Dropout操作的全连接层网络对异常检测结果进行优化。实验结果表明,在KDD99、UNSW-NB15和WSN_DS数据集上,相较于AnoGAN、BiGAN、MAD-GAN以及ALAD方法,BiCirGAN在检测精确度上提高了3.9%~33.0%,且平均推断速度是ALAD方法的4.67倍。Aiming at the problems of low detection accuracy and poor generalization ability of Wreless Sensor Network(WSN) intrusion detection methods on imbalanced datasets with discrete high-dimensional features, an intrusion detection method for WSN based on Bidirectional Circulation Generative Adversarial Network was proposed, namely BiCirGAN.Firstly, Adversarially Learned Anomaly Detection(ALAD) was introduced to improve the understandability of the original features by reasonably representing the high-dimensional, discrete original features through the latent space. Secondly, the bidirectional circulation adversarial structure was adopted to ensure the consistency of bidirectional circulation in real space and latent space, thereby ensuring the stability of Generative Adversarial Network(GAN) training and improving performance of anomaly detection. At the same time, Wasserstein distance and spectral normalization optimization methods were introduced to improve the objective function of GAN to further solve the problems of mode collapse of GAN and lack of diversity of generators. Finally, because the statistical properties of intrusion attack data changed in an unpredictable way over time, a full connection layer network with Dropout operation was established to optimize the anomaly detection results.Experimental results on KDD99, UNSW-NB15 and WSN_DS datasets show that compared to Anomaly detection with GAN(AnoGAN), Bidirectional GAN(BiGAN), Multivariate Anomaly Detection with GAN(MAD-GAN) and ALAD methods, BiCirGAN has a 3. 9% to 33. 0% improvement in detection accuracy, and the average inference speed is 4. 67 times faster than that of ALAD method.

关 键 词：无线传感器网络 入侵检测 生成对抗网络 谱归一化 对抗学习 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]