Network intrusion detection technology based on DeepInsight and transfer learning

Cited by: 1


Authors: LIU Wenqi; HU Tao [2]; YAN Jie; LI Huang; LI Shijia; GE Hongjuan [1]

Affiliations: [1] College of Civil Aviation, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China; [2] Avic China Aero-Polytechnology Establishment, Beijing 100028, China; [3] The 54th Research Institute of China Electronics Technology Group Corporation, Shijiazhuang 050081, China

Source: Chinese Journal of Engineering (工程科学学报), 2024, No. 12, pp. 2238-2245 (8 pages)

Funding: Key Program of the Civil Aviation Joint Fund of the National Natural Science Foundation of China (U2133203, U2233205).

Abstract: To address problems in intrusion detection research such as scarce training samples and class imbalance, this paper proposes DI–TL–CNN (DeepInsight–transfer learning–convolutional neural network), an intrusion detection method based on DeepInsight and transfer learning. It analyzes the process by which the DeepInsight method converts intrusion data into an image dataset suitable as input to a CNN model; it studies a training method based on the VGG16 model and then uses transfer learning to carry out intrusion detection in the target domain. By freezing and fine-tuning the parameters of different modules in the CNN model, six transfer schemes are compared, and an optimized scheme is obtained from experiments on the dataset. An imbalanced dataset based on UNSW-NB15 is used as the validation target for network intrusion detection analysis, verifying the correctness of the proposed DI–TL–CNN method. Further experiments compare the detection performance of the proposed method with that of other methods. The results show that DI–TL–CNN is better suited to intrusion detection with small sample sizes and imbalanced data, that its accuracy, recall and other performance metrics are better than those of the other detection methods, and that it has good application prospects.

In the dynamic field of the internet in modern life, networks are increasingly vulnerable to a diverse range of cyberattacks. Conventional intrusion detection systems based on machine learning techniques require a large number of samples for training. However, in some scenarios, only a limited number of malicious samples can be collected. To address the issue of insufficient training samples and unbalanced sample classes for intrusion detection systems in real network environments, this paper proposes an intrusion detection method named DeepInsight–transfer learning–convolutional neural network (DI–TL–CNN), which is based on DI and TL. First, the DI method is used to convert the intrusion dataset into an image form suitable for CNN model input. The DI method can transform text while maintaining the semantic relationships between data points, thereby providing high-quality images. In this step, we map the 1D feature vector representation of the input data onto the 2D image representation using T-SNE and construct 2D grayscale images. In the second step, we train and optimize the VGG16 model through TL and fine-tuning, enhancing the model's adaptability and performance. We propose six TL schemes by freezing and fine-tuning the parameters of different modules in the CNN model to enhance intrusion detection performance. In the TL process, the VGG16 model, pretrained on the ImageNet dataset, demonstrates promising results for generic image classification tasks. The bottom layers of CNN models often learn basic feature patterns that are applicable to various tasks, while the features acquired by the top layers of the model are specific to the target domain intrusion dataset. Fine-tuning allows the model to adjust the pretrained architecture's higher-order features to better match the targeted dataset. During the training process, the bottom layers of the pretrained architecture are frozen, whereas the top layers are unfrozen for fine-tuning. The optimal intrusion detection model is determined through a comparison of the performance of th

Keywords: intrusion detection; DeepInsight; transfer learning; transfer scheme; convolutional neural network

Classification code: TP309 [Automation and Computer Technology: Computer System Architecture]

 
