Journal of Frontiers of Computer Science and Technology ›› 2018, Vol. 12 ›› Issue (4): 575-585.DOI: 10.3778/j.issn.1673-9418.1707049


CNN and LSTM Deep Network Based Intrusion Detection for Malicious Users

WANG Yi1, FENG Xiaonian2, QIAN Tieyun1+, ZHU Hui3, ZHOU Jing3   

  1. School of Computer Science, Wuhan University, Wuhan 430072, China
  2. China Power Finance Co., Ltd., Beijing 100005, China
  3. Beijing Huitong Financial Information Technology Co., Ltd., Beijing 100094, China
  Online: 2018-04-01   Published: 2018-04-04

Masquerade User Intrusion Detection Based on CNN and LSTM Deep Networks

王毅1, 冯小年2, 钱铁云1+, 朱辉3, 周静3

  1. School of Computer Science, Wuhan University, Wuhan 430072
  2. China Power Finance Co., Ltd., Beijing 100005
  3. Beijing Huitong Financial Information Technology Co., Ltd., Beijing 100094

Abstract: Intrusion detection of internal malicious (masquerade) users, as an active security protection technology, has been a hot research topic in recent years. Existing methods are unable to accurately model users' behavior patterns. This paper proposes a novel CCNN-LSTM method, which combines a convolution neural network (CNN) and a long short-term memory (LSTM) neural network, for masquerade intrusion detection. The basic idea is to use the convolution neural network to capture the local correlation in users' activity data, and to use the long short-term memory neural network to model the sequential relationship and long-range dependency. The proposed method automatically learns a representation of the data without manual extraction of complex features, and scales to large volumes of high-dimensional data. The experimental results show that the proposed method achieves a higher detection rate and a lower detection cost than a number of baselines.

Key words: intrusion detection of malicious users, deep neural network, convolution neural network, long short-term memory neural network

Abstract: Masquerade user intrusion detection, as an active security protection technology, has become a current research hotspot. Existing masquerade intrusion detection techniques have the drawback of being unable to accurately model users' behavior patterns. Exploiting the advantages of the convolution neural network (CNN) in processing locally correlated data and extracting features, and of the long short-term memory (LSTM) neural network in capturing the temporal order and long-range dependency of data, this paper designs a deep neural network combining convolution and long short-term memory (CCNN-LSTM) for masquerade intrusion detection. The method has strong learning ability, automatically learns representations of the data without manually extracting complex features, and shows strong potential on complex, high-dimensional, massive data. Experimental results show that the method achieves a higher detection rate and a lower detection cost, outperforming several baseline systems.

Key words: masquerade user intrusion detection, deep neural network, convolution neural network, long short-term memory neural network
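As an added illustration (not the paper's code), the data flow both abstracts describe in pure Python: a 1-D convolution over sliding windows of one-hot encoded user commands captures local correlation, an LSTM over the resulting feature sequence captures order and long-range dependency, and a sigmoid output scores the session. The command vocabulary, layer sizes and the random, untrained weights are assumptions for the demonstration.

```python
"""Forward pass of a CNN-LSTM masquerade detector over one command sequence.
Illustrative code, not the paper's implementation; weights are seeded random
and untrained, so scores show the data flow rather than a learned decision."""
import math
import random

VOCAB = ["ls", "cd", "cat", "ssh", "sudo", "scp", "rm"]   # constructed command vocabulary
KERNEL, FILTERS, HIDDEN = 3, 4, 5                        # assumed hyperparameters

def _rand_matrix(rows, cols, rng):
    return [[rng.uniform(-0.5, 0.5) for _ in range(cols)] for _ in range(rows)]

def conv1d(seq, weights, bias):
    """Slide a window of KERNEL commands; each filter sees the concatenated one-hot block."""
    out = []
    for t in range(len(seq) - KERNEL + 1):
        window = []
        for cmd in seq[t:t + KERNEL]:
            window += [1.0 if cmd == v else 0.0 for v in VOCAB]   # one-hot encode
        out.append([max(0.0, sum(w * x for w, x in zip(f, window)) + b)  # ReLU
                    for f, b in zip(weights, bias)])
    return out

def lstm(features, w, b):
    """Single-layer LSTM over the conv feature sequence; returns the final hidden state."""
    h, c = [0.0] * HIDDEN, [0.0] * HIDDEN
    sig = lambda z: 1.0 / (1.0 + math.exp(-z))
    for x in features:
        xh = x + h                                   # concatenate input and previous hidden
        gates = [[sum(wi * v for wi, v in zip(row, xh)) + bi for row, bi in zip(w[g], b[g])]
                 for g in range(4)]                  # input, forget, output, candidate
        i, f, o = (list(map(sig, gates[g])) for g in range(3))
        cand = list(map(math.tanh, gates[3]))
        c = [fj * cj + ij * gj for fj, cj, ij, gj in zip(f, c, i, cand)]
        h = [oj * math.tanh(cj) for oj, cj in zip(o, c)]
    return h

def masquerade_score(seq, seed=0):
    """Score in (0, 1) that the session belongs to a masquerader (0.5 for an empty feature sequence)."""
    rng = random.Random(seed)
    conv_w = _rand_matrix(FILTERS, KERNEL * len(VOCAB), rng)
    conv_b = [0.0] * FILTERS
    lstm_w = [_rand_matrix(HIDDEN, FILTERS + HIDDEN, rng) for _ in range(4)]
    lstm_b = [[0.0] * HIDDEN for _ in range(4)]
    out_w = [rng.uniform(-0.5, 0.5) for _ in range(HIDDEN)]
    h = lstm(conv1d(seq, conv_w, conv_b), lstm_w, lstm_b)
    return 1.0 / (1.0 + math.exp(-sum(a * b for a, b in zip(out_w, h))))
```

A session shorter than the convolution window yields no local features, so the LSTM never updates and the score falls back to 0.5; a deployment would pad or reject such sessions rather than score them.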