数字工厂研究室知识库

针对传统机器学习方法在处理不平衡的海量高维数据时罕见攻击类检测率低的问题，提出了一种基于深度学习的随机森林算法的入侵检测模型，为了避免传统的随机森林面对高维数据和不平衡数据时分类精度低、稳定性差和对罕见攻击类检测率低的问题，引入生成式对抗网络（GAN）和栈式降噪自编码器（SDAE）对随机森林算法（RF）进行改进。首先，将罕见攻击类数据集输入GAN神经网络中，生成新的攻击类样本，改善网络入侵数据在样本集中不均衡分布的情况，然后，通过堆叠深层的SDAE逐层抽取网络数据的分布规则，并结合各个编码层的系数惩罚和重构误差，来确定高维数据中与入侵行为相关的特征，基于降维后的特征数据构建森林决策树。采用UNSW-NB15数据集的实验结果表明，与SVM、KNN、CNN、LSTM、DBN方法相比，GAN-SDAE-RF整体检测准确率平均提高了9.39%、误报率和漏报率平均降低了9%和15.24%以及在少数类Analysis、Shellcode、Backdoor、Worms上检测率分别提高了26.8%，27.98%，27.85%，39.97%。

Aiming at the problem of low detection rate of rare attacks in traditional machine learning methods when dealing with unbalanced massive high-dimensional data, an intrusion detection model based on deep learning and random forest algorithm is proposed. In order to avoid the problems of low classification accuracy, poor stability and low detection rate of rare attacks when traditional random forests face high-dimensional data and unbalanced data, Generative Adversarial Network and Stacked Denoising Autoencoder were introduced into the Random Forest algorithm for improvement. First, the rare attack data set is input into the GAN neural network to generate a new attack sample to improve the uneven distribution of network intrusion data in the sample set. Then, the deep-stacked SDAE extracts the distribution rules of the network data layer by layer, and combines the coefficient penalty and reconstruction error of each coding layer to determine the features related to the intrusion behavior in the high-dimensional data. The forest decision tree is constructed based on the characteristic data after dimension reduction. The experimental results using the UNSW-NB15 data set show that compared with SVM, KNN, CNN, LSTM, and DBN methods, the overall detection accuracy of GAN-SDAE-RF has increased by 9.39% on average, and the FPR and FNR have decreased by 9% and 15.24% on average. The detection rates on Shellcode, Backdoor, and Worms have increased by 26.8%, 27.98%, 27.85%, and 39.97% respectively.