电子测量与仪器学报

梁欣怡,行鸿彦,侯天浩.基于自监督特征增强的 CNN-BiLSTM 网络入侵检测方法[J].电子测量与仪器学报,2022,36(10):65-73

基于自监督特征增强的 CNN-BiLSTM 网络入侵检测方法

CNN-BiLSTM network intrusion detection method based onself-supervised feature enhancement

DOI：

英文关键词:deep learning self-supervised learning data enhancement network intrusion detection

基金项目:国家重点研发计划(2021YFE0105500)、国家自然科学基金(62171228)项目资助

作者	单位
梁欣怡	1.南京信息工程大学江苏省气象灾害预报预警与评估协同创新中心
行鸿彦	1.南京信息工程大学江苏省气象灾害预报预警与评估协同创新中心
侯天浩	1.南京信息工程大学江苏省气象灾害预报预警与评估协同创新中心

Author	Institution
Liang Xinyi	1.Jiangsu Collaborative Innovation Center on Forecast and Evaluation of Meteorological Disasters, Nanjing University of Information Science & Technology
Xing Hongyan	1.Jiangsu Collaborative Innovation Center on Forecast and Evaluation of Meteorological Disasters, Nanjing University of Information Science & Technology
Hou Tianhao	1.Jiangsu Collaborative Innovation Center on Forecast and Evaluation of Meteorological Disasters, Nanjing University of Information Science & Technology

摘要点击次数: 779

全文下载次数: 1339

中文摘要:

针对网络入侵检测中攻击样本和流量特征不足的问题,提出一种基于自监督特征增强的 CNN-BiLSTM 网络入侵检测方法,实现在流量数据中检测异常网络流量的目标。通过分析流量特征数据分布差异,采用 IQR 异常值处理方法进行数据预处理,使用自编码器对攻击样本进行数据增强,构建 CNN-BiLSTM 神经网络和自编码器组成半自监督模型,分别提取高维流量特征和自监督特征,将组合特征作为最终特征输入到分类模型中进行预测分类,实现网络入侵检测。实验结果表明,与其他入侵检测方法相比,所提方法在准确率和 F1 分数上分别达到了 85. 7%和 85. 1%,能够有效提高网络入侵的检测精度以及对未知攻击的检测能力。

英文摘要:

Aiming at the problem of insufficient attack samples and traffic characteristics in network intrusion detection, a CNN-BiLSTM network intrusion detection method based on self-supervised feature enhancement was proposed to detect abnormal network traffic in traffic data. By analyzing the difference in the distribution of traffic characteristic, IQR outlier processing method was used for data preprocessing, and autoencoder was used to enhance the number of attack samples. A semi-self-supervised model composed of CNNBilSTM neural network and autoencoder was constructed to extract high-dimensional traffic characteristics and self-supervised features respectively. The combined features are input into the classification model as the final features for prediction and classification, so as to realize the function of network intrusion detection. The experimental results show that compared with other intrusion detection methods, the accuracy and F1 score of the proposed method are 85. 7% and 85. 1% respectively, which can effectively improve the detection accuracy of network intrusion and the detection ability of unknown attacks.

查看全文查看/发表评论下载PDF阅读器