基于堆叠稀疏去噪自编码器的混合入侵检测方法  被引量：3

作　　者：田世林 李焕洲[1,2] 唐彰国[1,2] 张健[1,2] 李其臻 TIAN Shilin;LI Huanzhou;TANG Zhangguo;ZHANG Jian;LI Qizhen(School of Physics and Electronic Engineering,Sichuan Normal University,Chengdu 610101,Sichuan;Institute of Cyber and Communication Technology,Sichuan Normal University,Chengdu 610101,Sichuan)

机构地区：[1]四川师范大学物理与电子工程学院,四川成都610101 [2]四川师范大学网络与通信技术研究所,四川成都610101

出　　处：《四川师范大学学报（自然科学版）》2024年第4期517-527,共11页Journal of Sichuan Normal University（Natural Science）

基　　金：国家自然科学基金(U1836103);四川省高校重点实验室重点项目(WSN2022001)。

摘　　要：针对高维数据场景下传统入侵检测方法特征提取困难、检测准确率低等问题,提出一种集成多种深度学习模型的混合入侵检测方法.该方法由特征降维算法和混合检测模型2部分组成.首先,利用堆叠稀疏去噪自编码器对原始数据进行特征降维,从而剔除可能存在的噪声干扰和冗余信息.然后,采用一维卷积神经网络和双向门控循环单元学习数据中的空间维度特征和时序维度特征,将融合后的空时特征通过注意力分配不同的权重系数,从而使有用的信息得到更好表达,再经由全连接层训练后进行分类.为检验方案的可行性,在UNSW-NB15数据集上进行验证.结果表明,该模型与其他同类型入侵检测算法相比,拥有更优秀的检测性能,其准确率达到99.57%,误报率仅为0.68%.In order to solve the problems of difficult feature extraction and low detection accuracy of traditional intrusion detection methods in high-dimensional data scenarios,a hybrid intrusion detection method integrating multiple deep learning models is proposed.The method includes two parts:feature dimensionality reduction algorithm and hybrid detection model.First,the feature dimensionality reduction of the original data is performed by using the stacked sparse denoising autoencoder,so as to eliminate possible noise interference and redundant information.Then,a one-dimensional convolutional neural network and a two-way gated recurrent unit are used to learn the spatial dimension features and temporal dimension features in the data,and the fused space-time features are assigned different weight coefficients through attention,so that useful information can be obtained with better expression,and then classified after fully connected layer training.In order to test the feasibility of the scheme,it is verified on the UNSW-NB15 dataset.The results show that the model has better detection performance than other intrusion detection algorithms of the same type,with an accuracy rate of 99.57%and a false alarm rate of only 0.68%.

关 键 词：异常检测 注意力机制 堆叠稀疏去噪自编码器 一维卷积神经网络 双向门控循环单元 

分 类 号：TP309.5[自动化与计算机技术—计算机系统结构]