基于联邦学习与卷积神经网络的入侵检测模型  

作　　者：罗文华[1] 张晓龙 Luo Wenhua;Zhang Xiaolong(School of Public Security Information Technology and Intelligence,Criminal Investigation Police University of China,Shenyang 110035)

机构地区：[1]中国刑事警察学院公安信息技术与情报学院,沈阳110035

出　　处：《信息安全研究》2024年第7期642-648,共7页Journal of Information Security Research

基　　金：国家重点研发计划项目(2021YFC3301801)。

摘　　要：网络入侵检测模型需要在大规模的网络流量数据中及时准确地识别出恶意数据,但单一机构的标签数据不足,各机构之间不愿共享数据,导致训练出的入侵检测模型性能不高.针对上述问题,提出一种基于联邦学习和1维卷积神经网络的入侵检测模型FL-1DCNN,在保证较高检测精度的同时,允许更多的参与方保护自身数据的隐私和安全,解决了标签数据不足的问题.FL-1DCNN模型首先对原始数据集进行一系列预处理操作,然后在联邦学习机制下将1维卷积神经网络作为各参与方的通用模型进行特征提取,最后通过Sigmoid分类器进行二分类.实验结果表明,FL-1DCNN模型在CICIDS2017数据集上的准确率达到96.5%,F1分数达到97.9%.此外,相较于传统集中式学习训练出的模型1DCNN,FL-1DCNN模型在训练时间上缩短了32.7%.The cyber intrusion detection model needs to identify the malicious data timely and accurately among the largescale cyber traffic data.However,due to the insufficient label data of a single institution and the unwillingness of various institutions to share data,the performance of the trained cyber intrusion detection model has low performance.In view of the above problems,this paper proposed an intrusion detection model FL-1DCNN,which combined federated learning and onedimensional convolutional neural network.While ensuring high detection accuracy,it allowed more participants to protect their data privacy and security,which solved the problem of insufficiency of the labeled data.The FL-1DCNN model first carried on a series of preprocessing operations on the original data set,then used the onedimensional convolutional neural network as the general model of each participant to extract features under the federated learning mechanism and finally performs binary classification using a sigmoid classifier.The experimental results show that the accuracy of the FL-1DCNN model on the CICIDS2017 dataset is 96.5%and the F1score of the FL-1DCNN model is 97.9%.In addition,compared to the traditional centralized training model 1DCNN,the FL-1DCNN model reduces training time by 32.7%.

关 键 词：入侵检测 联邦学习 深度学习 卷积神经网络 CICIDS2017数据集 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]