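Authors: 张跃 (ZHANG Yue); 郭子昕 (GUO Zixin); 黄益彬 (HUANG Yibin); 颜涛 (YAN Tao) (NARI Group Corporation (State Grid Electric Power Research Institute), Nanjing 210000, China)
Affiliation: [1] NARI Group Corporation (State Grid Electric Power Research Institute), Nanjing, Jiangsu 210000
Source: Computer and Modernization (《计算机与现代化》), 2025, No. 3, pp. 119-126, 8 pages
Funding: Enterprise self-selected science and technology funding project (5246DR230010).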
Abstract: In the field of network intrusion detection, machine learning methods that rely on manually extracted features from feature engineering are generally used, but manual feature extraction is prone to losing important feature information. In addition, different types of attack traffic play different roles in detection. Existing algorithms generally suffer from loss of important information and low accuracy in identifying attack types. To address these problems, this paper proposes convLSTM-CNN, an anomalous traffic detection method based on a hybrid of Convolutional Long-Short Term Memory (convLSTM) and Convolutional Neural Networks (CNN). The method does not require manual extraction of complex traffic features: it directly uses the payload of network traffic as data samples, fully explores the structural features of the traffic, extracts its temporal and spatial features, and generates accurate feature vectors for intrusion detection. The experimental results show that on the CIC-ISDS2017 dataset, the accuracy of convLSTM-CNN in network intrusion detection reaches 99.39%. Compared with DNN, SVM, LSTM, GRU-CNN and other algorithms, it has higher accuracy and a lower false alarm rate, indicating that the algorithm improves the efficiency of anomalous traffic detection.
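Keywords: network security; intrusion detection; convolutional long short-term memory network; convolutional neural network; deep learning
Classification code: TP309 [Automation and Computer Technology: Computer System Architecture]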