基于去噪扩散概率模型的网络流量入侵检测方法研究  

作　　者：王子昂 汤艳君[1] 王子晨 王子祎 Wang Ziang;Tang Yanjun;Wang Zichen;Wang Ziyi(School of Public Security Information Technology and Intelligence,Criminal Investigation Police University of China,Shenyang 110854)

机构地区：[1]中国刑事警察学院公安信息技术与情报学院,沈阳110854

出　　处：《信息安全研究》2024年第5期421-430,共10页Journal of Information Security Research

基　　金：辽宁网络安全执法协同创新中心项目(WXZX201912002);中国刑事警察学院研究生创新能力提升项目(2023YCYB32)。

摘　　要：互联网、物联网技术的迅猛发展,保障网络系统的安全性成为一项紧迫的任务.然而,传统的入侵检测模型在面对复杂网络环境中的稀有类攻击流量时存在局限性,不同种类网络流量的数据不平衡性会影响模型整体的分类性能.针对以上问题,提出基于去噪扩散概率模型的网络流量入侵检测方法——DDPM_1DCNN_BiLSTM,使用去噪扩散概率模型生成稀有类攻击流量数据进行样本扩充,使用融合自注意力机制的1DCNN_BiLSTM模型进行特征的提取与流量检测.实验使用不平衡入侵检测数据集NSL-KDD,将1DCNN_BiLSTM与包括randomforest,decisiontree等现有常见分类模型分别在原始训练集与平衡化数据集上训练,并使用训练后的模型对同一测试集分类.实验结果表明,由平衡化数据集训练出的各种现有分类模型相较于由原始不平衡数据集训练出的模型,前者在测试集中表现的效果更好,并且所提方法相较于常见的入侵检测方法具有更高的准确率与F1分数,证明了所提方法对提高稀有类攻击流量检出率与入侵检测综合能力的有效性.The rapid development of the Internet and Internet of things(IoT)technologies has made it an urgent task to guarantee the security of network systems.However,traditional intrusion detection models have limitations when facing with rare classes of attack traffic in complex network environments.The imbalance in data across different types of network traffic adversely affects the overall classification performance of these models.To address the above issues,this paper proposes an intrusion detection method,DDPM_1DCNN_BiLSTM,based on a denoising diffusion probability model.The proposed method utilizes diffusion probabilistic model to generate rare classes of attack traffic data for sample augmentation.Subsequently,1DCNN_BiLSTM model integrated withself-attention mechanism are used to extract features and detect traffic.The experiments use the unbalanced intrusion detection dataset NSL-KDD to train 1DCNN_BiLSTM with existing common classification models including randomforest,decisiontree,etc.on the original training set and the balanced dataset respectively,and uses the trained model to classify the same test set.The experimental results indicate that various existing classification models trained on the balanced dataset perform better in the test set compared to the models trained on the original unbalanced dataset.Furthermore,the proposed method has higher accuracy and F1 score compared to common intrusion detection methods,proving the effectiveness of the proposed method to improve the detection rate of the rare class of attack traffic and the comprehensive capability of intrusion detection.

关 键 词：去噪扩散概率模型 入侵检测 稀有类攻击流量 不平衡数据 深度学习 

分 类 号：TP391.44[自动化与计算机技术—计算机应用技术] TN915.08[自动化与计算机技术—计算机科学与技术]