基于开放集的入侵检测方法研究  

作　　者：王春东 张嘉凯 WANG Chundong;ZHANG Jiakai(School of Computer Science and Engineering,Tianjin University of Technology,Tianjin 300384,China)

机构地区：[1]天津理工大学计算机科学与工程学院,天津300384

出　　处：《计算机科学》2024年第S02期919-924,共6页Computer Science

基　　金：国家自然科学基金联合基金项目(U1536122);天津市科委重大专项(15ZXDSGX00030)。

摘　　要：入侵检测是网络安全中的一项重要任务,旨在检测异常行为和潜在攻击。近几年,深度学习方法在入侵检测任务中取得了很大突破。但随着近几年互联网行业的迅猛发展,新型攻击类型不断增加,深度学习方法在测试中面对新型类别时,往往会以高置信度给出一个已知类别中的预测结果,导致无法识别未知攻击。基于此,提出一种基于不确定性建模的开放集识别方法,即将MC-Dropout应用于深度学习分类器中以捕获不确定性,从而获得高质量预测概率。该开放集合识别方法不仅能够对已知类别进行分类,同时还能够对未知类别进行判别。通过在CICIDS2017数据集上验证,所提出的方法能够实现对未知类别的检测,和其他现有方法相比具有一定的先进性,各项指标与基准模型对比均取得最好表现,能有效地应用于现实的网络环境。Intrusion detection is an important task in network security,which aims to detect anomalous behaviors and potential attacks.In recent years,deep learning methods have made great breakthroughs in intrusion detection tasks.However,with the rapid development of the Internet industry in recent years,new types of attacks are increasing,and deep learning methods tend to give a prediction result in a known category with high confidence when faced with a new type of category in testing,resulting in the inability to recognize unknown attacks.Based on this,this paper proposes an open set identification method based on uncertainty modeling,i.e.,MC-Dropout is applied to deep learning classifiers to capture uncertainty and thus obtain high-quality prediction probabilities.This open set identification method is not only able to classify known categories,but also able to discriminate unknown categories.The proposed method is validated on the CICIDS2017 dataset,and is able to achieve the detection of unknown categories,and has a certain degree of sophistication compared with other existing methods,and achieves the best performance in all the metrics compared with the benchmark model,which can be effectively applied to the real-world network environment.

关 键 词：入侵检测 开放集识别 深度学习 MC-Dropout 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]