王文涛,汤婕,王嘉鑫.结合特征选择的SAE-LSTM入侵检测模型[J].中南民族大学学报自然科学版,2022,41(3):347-355
结合特征选择的SAE-LSTM入侵检测模型
SAE-LSTM intrusion detection model combined with feature selection
  
DOI:10.12130/znmdzk.20220314
中文关键词: 入侵检测系统  随机森林  聚类  稀疏自动编码器  循环神经网络
英文关键词: intrusion detection system  random forest  clustering  sparse autoencoder  recurrent neural network
基金项目:教育部产学研合作协同育人资助项目(201902214013)
作者单位
王文涛 中南民族大学 计算机科学学院 & 湖北省制造企业智能管理工程技术研究中心武汉 430074 
汤婕 中南民族大学 计算机科学学院 & 湖北省制造企业智能管理工程技术研究中心武汉 430074 
王嘉鑫 中南民族大学 计算机科学学院 & 湖北省制造企业智能管理工程技术研究中心武汉 430074 
摘要点击次数: 257
全文下载次数: 295
中文摘要:
      入侵检测系统(IDS)是计算机和通信系统中对攻击进行预警的重要技术.目前的IDS在安全检测方面存在2个问题:1)存在大量高维冗余数据及不相关特征干扰分类过程;2)现有模型多是针对早期网络攻击类型,对新型攻击适应性较差.针对这2个问题,提出了一种结合特征选择的SAE-LSTM入侵检测框架,采用融合聚类思想的随机森林特征打分机制,弥补在特征量大的情况下计算消耗高的不足.将特征选取后的数据,先经稀疏自动编码器进行数据重构,再由LSTM模型进行分类检测.实验在UNSW-NB15网络数据集上进行,结果表明:模型在时间戳步长为8时表现最佳,准确率达98%以上,误报率低至4.18%,与其他入侵检测模型相比有着更优秀的检测效果.
英文摘要:
      Intrusion detection systems (IDS) are important technologies for early warning of attacks in computer and communication systems. Current IDS have some problems in security detection: a large amount of high-dimensional redundant data and irrelevant features interfere with the classification process, and many models are built for earlier types of attacks and are poorly adapted to new types of attacks. To address these two problems, this paper proposes an SAE-LSTM intrusion detection framework that combines feature selection with a random forest feature scoring mechanism that incorporates clustering ideas to compensate for the high computational consumption of random forest in the case of a large number of features. The feature-selected data are first reconstructed by a sparse auto-encoder and then classified and detected by an LSTM model. The model was tested on the UNSW-NB15 dataset. The experimental results show that the model performs best at a timestamp step of 8, with an accuracy of over 98% and a false alarm rate as low as 4.18%, which is better than other intrusion detection methods.
查看全文   查看/发表评论  下载PDF阅读器
关闭