基于Attention-BiTCN的网络入侵检测方法  被引量：7

作　　者：孙红哲 王坚[1] 王鹏[1] 安雨龙 SUN Hongzhe;WANG Jian;WANG Peng;AN Yulong(School of Air and Missile Defense,Air Force Engineering University,Xi'an 710051,China;Key Laboratory for Fault Diagnosis and Maintenance of Spacecraft in-Orbit,Xi'an 710043,China)

机构地区：[1]空军工程大学防空反导学院,西安710051 [2]航天器在轨故障诊断与维修重点实验室,西安710043

出　　处：《信息网络安全》2024年第2期309-318,共10页Netinfo Security

基　　金：国家自然科学基金[61703426,61876189]。

摘　　要：为解决网络入侵检测领域多分类准确率不高的问题,文章根据网络流量数据具有时序特征的特点,提出一种基于注意力机制和双向时间卷积神经网络(BiDirectional Temporal Convolutional Network,BiTCN)的网络入侵检测模型。首先,该模型对数据集进行独热编码和归一化处置等预处理,解决网络流量数据离散性强和标度不统一的问题;其次,将预处理好的数据经双向滑窗法生成双向序列,并同步输入Attention-Bi TCN模型中;然后,提取双向时序特征并通过加性方式融合,得到时序信息被增强后的融合特征;最后,使用Softmax函数对融合特征进行多种攻击行为检测识别。文章所提模型在NSL-KDD和UNSW-NB15数据集上进行实验验证,多分类准确率分别达到99.70%和84.07%,优于传统网络入侵检测算法,且比其他深度学习模型在检测性能上有显著提升。In order to solve the problem of low accuracy of multi-classification in network intrusion detection field,the proposed algorithm analyzed the time series characteristics of network traffic data,an intrusion detection model based on attention mechanism and bi-directional temporal convolutional network(BiTCN)was convolutional neural network.In this model,the data set was pre-processed by heat-only coding and normalization to solve the problem of strong discreteness and different scale of network traffic data,and the pre-processed data were generated into bidirectional sequence by bidirectional sliding window method,attention-bitcn model was used to extract the bidirectional temporal features and integrate them in an additive manner to obtain the fusion features enhanced by temporal information.The proposed model is experimentally verified by the datasets of NSL-KDD and UNSW-NB15,and the accuracy of multiple classification reached 99.70%and 84.07%respectively,which is superior to traditional network intrusion detection algorithms and has more significant detection performance than other deep learning models.

关 键 词：入侵检测 注意力机制 BiTCN 双向滑窗法 融合特征 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]