计算机科学与探索 ›› 2020, Vol. 14 ›› Issue (12): 2050-2060.DOI: 10.3778/j.issn.1673-9418.2007023

• 网络与信息安全 • 上一篇    下一篇

多通道自编码器深度学习的入侵检测方法

杨杰,唐亚纯,谭道军,刘小兵   

  1. 湖南科技学院 电子与信息工程学院,湖南 永州 425199
  • 出版日期:2020-12-01 发布日期:2020-12-11

Intrusion Detection Method of Multi-channel Autoencoder Deep Learning

YANG Jie, TANG Yachun, TAN Daojun, LIU Xiaobing   

  1. School of Electronics and Information Engineering, Hunan University of Science and Engineering, Yongzhou, Hunan 425199, China
  • Online:2020-12-01 Published:2020-12-11

摘要:

针对现有的入侵检测方法在检测准确率和误报率方面存在的不足,提出了一种多通道自编码器深度学习的入侵检测方法。该方法分为无监督学习和有监督学习两个阶段:首先分别采用正常流量和攻击流量训练两个独立的自编码器,其重构的两个新特征向量与原始样本共同组成多通道特征向量表示;然后利用一维卷积神经网络(CNN)对多通道特征向量表示进行处理,学习通道之间可能的依赖关系,用于更好地区分正常流量和攻击流量之间的差异。该方法将无监督的多通道特征学习和有监督的跨通道特征依赖学习有机地结合起来,用于训练灵活有效的入侵检测模型,达到极大地提高模型检测准确率的目的。同时,为了优化CNN的超参数并提高网络对通道间依赖关系的辨识效果,利用遗传算法自动寻找CNN模型的最优拓扑集合。实验结果表明,该方法在多个数据集中获得了良好的结果,比其他入侵检测算法具有更好的预测准确性。

关键词: 入侵检测, 自编码器, 深度学习, 多通道, 遗传算法(GA)

Abstract:

Aiming at the shortcomings of the existing intrusion detection methods in detection accuracy and false alarm rate, an intrusion detection method of multi-channel autoencoder deep learning is proposed. The method is divided into two stages: unsupervised learning and supervised learning. Firstly, two independent autoencoders are trained by normal traffic and attack traffic respectively, and the two new feature vectors reconstructed and the original samples form a multi-channel eigenvector representation. Then, the 1-D convolutional neural network (CNN) is used to process the multi-channel eigenvector representation, and the possible dependence between channels is learned to better distinguish the difference between normal traffic and attack traffic. The proposed method combines unsupervised multi-channel feature learning and supervised cross-channel feature dependence learning to train a flexible and effective intrusion detection model, which greatly improves the accuracy of model detection. At the same time, in order to optimize the parameters of CNN and improve the identification effect of network on channel dependence, genetic algorithm is used to automatically find the optimal topology set of CNN model. The experimental results show that the proposed method achieves good results in multiple data sets and has better prediction accuracy than other intrusion detection algorithms.

Key words: intrusion detection, autoencoder, deep learning, multi-channel, genetic algorithm (GA)