基于CNN结合BiGRU的恶意流量分类算法研究  被引量：1

作　　者：杨永平 王思婷 YANG Yongping;WANG Siting(School of Information Technology,Beijing Normal University,Zhuhai,Zhuhai,Guangdong 519087,China;National Key Laboratory of Mobile Security,Beijing University of Posts and Telecommunications,Beijing 100876,China)

机构地区：[1]北京师范大学珠海分校信息技术学院,广东珠海519087 [2]北京邮电大学国家移动安全重点实验室,北京100876

出　　处：《计算机科学》2024年第S02期857-865,共9页Computer Science

基　　金：广东省教育厅科技项目(2020KTSCX175);北京师范大学珠海分校校内教研项目(202041)。

摘　　要：网络入侵检测是一项重要的网络安全技术,恶意流量识别分类是网络入侵检测的基础。利用端口检测技术、深度包检测技术、特征工程机器学习算法检测技术在当前网络环境下进行流量识别分类已失效或不易实施,因此文中提出了结合卷积神经网络和循环神经网络改进简化模型门控循环单元的恶意流量识别分类算法模型CNNBiGRU,运用卷积神经网络CNN提取网络流结构特征和空间特征,双向门控循环单元BiGRU提取序列特征,符合网络流兼具空间结构和序列特征的特点。在CIC-IDS2017公开数据集上进行了测试和模型优化与参数选择,实验结果表明所提算法比经典机器学习算法在分类效果上有一定的优势而且不需要特征工程,与单一神经网络算法相比也具有更好的识别效果,与融合神经网络算法在同等准确率目标衡量下又有一定的学习迭代次数优势,具有更高的学习效率。Network intrusion detection is an important network security technology,malicious traffic recognition and classification is the basis of network intrusion detection.In the current network environment,port detection technology,deep packet detection technology,and feature engineering machine learning algorithm detection technology for malicious traffic identification and classification have failed or are not easy to implement.This paper proposes a malicious traffic recognition classification algorithm model CNNBiGRU,which combines convolutional neural network and bidirectional gated recurrent unit.CNNBiGRU uses convolutional neural network CNN to extract network flow structure features and spatial features,and uses bidirectional gated recurrent unit BiGRU to extract sequence features,which is consistent with the characteristics of network flow with both spatial structure and sequence features.Tests and model optimization and parameter selection are performed on the CIC-IDS2017 dataset.The experimental results show that the proposed algorithm has certain advantages in classification effect and no feature engineering is required compared with the classical machine learning algorithm,and also has better recognition effect compared with the single-neural network algorithm.Compared with the fusion neural network algorithm,it maintains the same high detection result and has a little advantage in the number of learning iterations under the same accuracy target measurement.

关 键 词：恶意流量分类 深度学习 卷积神经网络 双向门控循环单元 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]