一种融合时空特征的物联网入侵检测方法  

作　　者：翁铜铜 矫桂娥[2] 张文俊 Weng Tongtong;Jiao Gui’e;Zhang Wenjun(College of Information Technology,Shanghai Ocean University,Shanghai 201306;College of Information Technology,Shanghai Jian Qiao University,Shanghai 201306)

机构地区：[1]上海海洋大学信息学院,上海201306 [2]上海建桥学院信息技术学院,上海201306

出　　处：《信息安全研究》2025年第3期241-248,共8页Journal of Information Security Research

基　　金：国家自然科学基金面上项目(42376194);上海市科技创新行动计划项目(19511104502);上海科学技术委员会科普项目(19DZ22048)。

摘　　要：针对不平衡的物联网流量数据集中攻击样本不足且类别较多降低了检测模型的分类准确率和泛化能力等问题,提出一种融合时空特征的物联网入侵检测方法(BGAREU).首先对数据进行规范化处理,并采用SMOTEENN方法改善训练样本的数据分布;然后通过双向门控循环单元(BiGRU)和多头注意力(multi-head attention)提取时序特征和全局信息,并结合ResNext网络和U-Net网络构建多尺度的空间特征提取网络,再将高效通道注意力(ECA-Net)加入残差单元中以增强局部表征能力;最后将融合的特征输入Softmax分类器进行多分类.实验表明,在物联网流量数据集UNSW-NB15,NSL-KDD,WSN-DS上与其他模型相比,该模型在各项指标上均有2%以上的提升.此外,还通过对比多种注意力机制验证了ECA-Net具有更强的表征能力,并探索了多头注意力中不同数量的注意力头对模型性能的影响.Aiming at the problems of insufficient attack samples and more categories in unbalanced IoT traffic datasets reducing the classification accuracy and generalization ability of the detection model,an intrusion detection method for the Internet of things by fusing spatio-temporal features(BGAREU)is proposed.The data were first normalized and the SMOTEENN method was used to improve the data distribution of the training samples;then temporal features and global information were extracted by Bi-directional gated recurrent unit(BiGRU)and multi-head attention,and combined ResNext network and U-Net network to construct a multi-scale spatial feature extraction network,and then incorporate efficient channel attention(ECA-Net)into the residual units to enhance the local characterization capability;finally,the fused features are fed into the Softmax classifier for multi-classification.Experiments show that the proposed model has more than 2%improvement in all the metrics compared with other models on IoT traffic datasets UNSW-NB15,NSL-KDD,and WSN-DS.In addition,this paper verifies that the ECA-Net has stronger characterization ability by comparing multiple attention mechanisms,and explores the effect of different numbers of attention heads in multi-head attention on the model performance.

关 键 词：入侵检测 双向门控循环单元 多头注意力 多尺度特征提取 高效通道注意力 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]