不平衡数据下面向包粒度应用层负载的轻量化入侵检测模型  

作　　者：杨毅铭 陈世平 YANG Yiming;CHEN Shiping(School of Optical-Electrical and Computer Engineering,University of Shanghai for Science and Technology,Shanghai 200093,China;University of Shanghai for Science and Technology Library,Shanghai 200093,China)

机构地区：[1]上海理工大学光电信息与计算机工程学院,上海200093 [2]上海理工大学图书馆,上海200093

出　　处：《小型微型计算机系统》2025年第2期465-473,共9页Journal of Chinese Computer Systems

基　　金：国家自然基金项目(61472256,61170277)资助;上海理工大学科技发展基金项目(16KJFZ035,2017KJFZ033)资助;沪江基金项目(A14006)资助。

摘　　要：网络入侵检测是一种重要的网络安全方案.目前网络入侵检测模型都有较高精确度,但是模型复杂,参数量和计算量较大.针对该问题,设计了一种新的基于包粒度应用层负载的网络入侵检测一维卷积轻量模型.本文首先对UNSWNB15数据集的原始流量文件进行包粒度应用层负载数据提取,构造一维灰度特征向量.在此基础上,本文提出一种由新的一维深度可分离卷积残差模块组成,融入了全局上下文注意力机制(Global Context Attention Module)的一维卷积轻量模型Fast Payload,并进行了针对性的模型优化和可行性论证.Fast Payload模型在UNSWNB15数据集上的9分类任务中宏平均准确率达到82.433%,加权平均精确率达到90.820%,均高于对比模型;同时,该模型计算量和参数量均低于对比模型.其次本文提出了二阶段类别平衡损失函数GHM2StageLoss,有效解决了数据集的类别不平衡问题,相比其他类别平衡损失函数,效果更好.为方便后续研究的复现,本研究开源部分源代码,网址为https://github.com/sadantange/FastPayload.Network intrusion detection is an important network security scheme.At present,the NIDS models have high accuracy,but the models are complex and require a large amount of parameters and computation.To address this issue,We propose a new one-dimensional convolution lightweight model for network intrusion detection based on packet-level L7 payload.We first extracted packet-level L7 payload from original traffic files of the UNSWNB15 dataset to construct the one-dimensional grayscale feature vector.On this basis,we propose a one-dimensional convolutional lightweight model Fast Payload,which is composed of a new one-dimensional depthwise separable convolutional residual module and incorporates the global context attention module.Model optimization and feasibility verification are also conducted.The Fast Payload model has a macro accuracy of 82.433%and a weighted accuracy of 90.820%in the 9 classification tasks on the UNSWNB15 dataset,both of which are higher than the comparison models.At the same time,the computational and parameter quantities of this model are much lower than those of the comparison models.We also propose a two-stage class balance loss function GHM2StageLoss,which effectively solves the problem of class imbalance.Compared with other class balance loss functions,the effect of GHM2StageLoss is better.To facilitate the replication of subsequent research,this study is open source with the source code available at https://github.com/sadantange/FastPayload.

关 键 词：入侵检测 一维卷积神经网络 深度可分离卷积 全局上下文注意力机制 类别平衡 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]