基于时间卷积网络的无监督入侵检测模型  

作　　者：廖金菊 丁嘉伟 冯光辉 LIAO Jinju;DING Jiawei;FENG Guanghui(School of Information Engineering,Zhengzhou University of Industrial Technology,Zhengzhou 451150,China;School of Computer Science and Cyber Engineering,Guangzhou University,Guangzhou 510006,China)

机构地区：[1]郑州工业应用技术学院信息工程学院,河南郑州451150 [2]广州大学计算机科学与网络工程学院,广东广州510006

出　　处：《电信科学》2025年第1期164-173,共10页Telecommunications Science

基　　金：教育部产学合作协同育人项目(No.220602236285739);广东省自然科学基金面上项目(No.2022A1515011386)。

摘　　要：现有的多数入侵检测模型通过长短期记忆(long short-term memory,LSTM)网络评估数据之间的时间依赖性。然而,LSTM网络处理序列数据增加了训练模型的计算复杂度和存储成本。为此,提出了基于多头注意力机制和时间卷积网络的无监督入侵检测模型(unsupervised intrusion detection model based on multihead attention mechanism or temporal convolutional network,UDMT)。UDMT不依赖于LSTM网络,它利用时间卷积网络和多头注意力机制构建生成对抗网络的生成器和决策器,实现计算的并行化,进而降低复杂度。同时,UDMT不依赖于标签的攻击数据,它具有检测已知攻击和未知攻击的能力。此外,UDMT采用不同的隐藏层模式,配置灵活,以满足不同的检测率和检测时延的要求。相比于两个同类的检测模型,提出的UDMT能获取更高的检测率和更低的检测时延。Most existing intrusion detection models rely on long short-term memory(LSTM)networks to consider time-dependencies among data.However,LSTM’s sequential data processing significantly increases computational complexity and memory consumption during training.Therefore,unsupervised intrusion detection model based on multi-head attention mechanism and temporal convolutional network(UDMT)was proposed.UDMT didn’trely on LSTM networks.Instead,it used temporal convolutional network and multi-head attention mechanism in the genera‐tive adversarial network generator and discriminator networks to enable more computation parallelization,and re‐duced computational complexity.Moreover,UDMT was capable of detecting both known and zero-day attacks with‐out relying on labeled attack data.In addition,UDMT can adopt different privacy layer modes,and the configuration was flexible to meet the requirements of different detection rates and detection delays.Experiment results show that the proposed UDMT has higher detection rate and lower detection latency than two state-of-the-art intrusion detection models.

关 键 词：入侵检测模型 长短期记忆网络 生成对抗网络 多头注意力机制 时间卷积网络 

分 类 号：TN393[电子电信—物理电子学]