SIA OpenIR  > 数字工厂研究室
面向网络入侵检测的GAN-SDAE-RF模型研究
Alternative TitleResearch on GAN-SDAE-RF Model for Network Intrusion Detection
安磊1; 韩忠华1,2; 林硕1; 尚文利3,4,5
Department数字工厂研究室
Source Publication计算机工程与应用
ISSN1002-8331
2020
Pages1-13
Contribution Rank2
Funding Organization国家自然科学基金面上项目(No.61773368) ; 辽宁省教育厅青年科技人才“育苗”项目(No.Inqn201912) ; 沈阳市科技计划双百工程项目(No.Z18-5-015)
Keyword深度学习 生成式对抗网络 栈式降噪自编码器 随机森林算法
Abstract

针对传统机器学习方法在处理不平衡的海量高维数据时罕见攻击类检测率低的问题,提出了一种基于深度学习的随机森林算法的入侵检测模型,为了避免传统的随机森林面对高维数据和不平衡数据时分类精度低、稳定性差和对罕见攻击类检测率低的问题,引入生成式对抗网络(GAN)和栈式降噪自编码器(SDAE)对随机森林算法(RF)进行改进。首先,将罕见攻击类数据集输入GAN神经网络中,生成新的攻击类样本,改善网络入侵数据在样本集中不均衡分布的情况,然后,通过堆叠深层的SDAE逐层抽取网络数据的分布规则,并结合各个编码层的系数惩罚和重构误差,来确定高维数据中与入侵行为相关的特征,基于降维后的特征数据构建森林决策树。采用UNSW-NB15数据集的实验结果表明,与SVM、KNN、CNN、LSTM、DBN方法相比,GAN-SDAE-RF整体检测准确率平均提高了9.39%、误报率和漏报率平均降低了9%和15.24%以及在少数类Analysis、Shellcode、Backdoor、Worms上检测率分别提高了26.8%,27.98%,27.85%,39.97%。

Other Abstract

Aiming at the problem of low detection rate of rare attacks in traditional machine learning methods when dealing with unbalanced massive high-dimensional data, an intrusion detection model based on deep learning and random forest algorithm is proposed. In order to avoid the problems of low classification accuracy, poor stability and low detection rate of rare attacks when traditional random forests face high-dimensional data and unbalanced data, Generative Adversarial Network and Stacked Denoising Autoencoder were introduced into the Random Forest algorithm for improvement. First, the rare attack data set is input into the GAN neural network to generate a new attack sample to improve the uneven distribution of network intrusion data in the sample set. Then, the deep-stacked SDAE extracts the distribution rules of the network data layer by layer, and combines the coefficient penalty and reconstruction error of each coding layer to determine the features related to the intrusion behavior in the high-dimensional data. The forest decision tree is constructed based on the characteristic data after dimension reduction. The experimental results using the UNSW-NB15 data set show that compared with SVM, KNN, CNN, LSTM, and DBN methods, the overall detection accuracy of GAN-SDAE-RF has increased by 9.39% on average, and the FPR and FNR have decreased by 9% and 15.24% on average. The detection rates on Shellcode, Backdoor, and Worms have increased by 26.8%, 27.98%, 27.85%, and 39.97% respectively.

Language中文
Document Type期刊论文
Identifierhttp://ir.sia.cn/handle/173321/27766
Collection数字工厂研究室
Corresponding Author安磊
Affiliation1.沈阳建筑大学信息与控制工程学院
2.中国科学院沈阳自动化研究所数字工厂研究室
3.中国科学院沈阳自动化研究所工业控制网络与系统研究室
4.中国科学院网络化控制系统重点实验室
5.中国科学院机器人与智能制造创新研究院
Recommended Citation
GB/T 7714
安磊,韩忠华,林硕,等. 面向网络入侵检测的GAN-SDAE-RF模型研究[J]. 计算机工程与应用,2020:1-13.
APA 安磊,韩忠华,林硕,&尚文利.(2020).面向网络入侵检测的GAN-SDAE-RF模型研究.计算机工程与应用,1-13.
MLA 安磊,et al."面向网络入侵检测的GAN-SDAE-RF模型研究".计算机工程与应用 (2020):1-13.
Files in This Item:
File Name/Size DocType Version Access License
面向网络入侵检测的GAN_SDAE_RF(1085KB)期刊论文出版稿开放获取CC BY-NC-SAView Application Full Text
Related Services
Recommend this item
Bookmark
Usage statistics
Export to Endnote
Google Scholar
Similar articles in Google Scholar
[安磊]'s Articles
[韩忠华]'s Articles
[林硕]'s Articles
Baidu academic
Similar articles in Baidu academic
[安磊]'s Articles
[韩忠华]'s Articles
[林硕]'s Articles
Bing Scholar
Similar articles in Bing Scholar
[安磊]'s Articles
[韩忠华]'s Articles
[林硕]'s Articles
Terms of Use
No data!
Social Bookmark/Share
File name: 面向网络入侵检测的GAN_SDAE_RF模型研究.pdf
Format: Adobe PDF
All comments (0)
No comment.
 

Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.