融合WaveNet和BiGRU的网络入侵检测方法

doi:10.12305/j.issn.1001-506X.2022.08.31

摘要/Abstract

摘要：

为解决当前入侵检测算法对于网络入侵的多分类准确率普遍不高的问题, 鉴于网络入侵数据具有时间序列特性, 提出一种融合WaveNet和双向门控循环单元(bi-directional gated recurrent unit, BiGRU)的网络入侵检测方法。为解决原始攻击数据分布广、离散性强的问题, 首先对数据进行独热编码及归一化处理, 之后使用WaveNet进行卷积操作, 对数据进行序列缩短处理, 同时使用最大、平均池化融合的方法全面提取数据特征, 最后由BiGRU完成对模型的训练并实现分类。基于NSL-KDD、UNSW-NB15以及CIC-IDS2017数据集进行了对比实验, 结果表明, 所提方法对于上述数据集的准确率分别能够达到99.62%、83.98%以及99.86%, 较同类型的CNN-BiLSTM分别提升了0.4%、1.9%以及0.1%。

关键词: 入侵检测, 双向门控循环单元, 池化融合, 特征提取

Abstract:

In order to solve the problem that the accuracy of current intrusion detection algorithms for network intrusion multi classification is generally not high, in view of the time series characteristics of network intrusion data, a network intrusion detection method combining WaveNet and bi-directional gated recurrent unit (BiGRU) is proposed. In order to solve the problem of wide distribution and strong discreteness of the original attack data, the data is encoded and normalized firstly. Then the WaveNet is used for convolution operation to shorten the sequence of the data, and the data features are extracted by the maximum and average pooling parallel method. Finally, BiGRU completes the training of the model and realizes the classification. Based on NSL-KDD, UNSW-NB15 and CIC-IDS2017 data set, a comparative experiment is carried out. The results show that the accuracy of the proposed method for the above data sets can reach 99.62%, 83.98% and 99.86% respectively, which is 0.4%, 1.9% and 0.1% higher than that of CNN-BiLSTM of the same type.

Key words: intrusion detection, bi-directional gated recurrent unit (BiGRU), pooling fusion, feature extraction

中图分类号:

TP393

马泽煊, 李进, 路艳丽, 陈晨. 融合WaveNet和BiGRU的网络入侵检测方法[J]. 系统工程与电子技术, 2022, 44(8): 2652-2660.

Zexuan MA, Jin LI, Yanli LU, Chen CHEN. Network intrusion detection method based on WaveNet and BiGRU[J]. Systems Engineering and Electronics, 2022, 44(8): 2652-2660.

图/表 16

图1

图2

图3

图4

图5

表1

图6

图7

图8

图9

图10

表2

表3

表4

表5

表6

参考文献 32

1	MOHAMED A F , LEANDROS M , SOTIRIS M , et al. Deep learning for cyber security intrusion detection: approaches, datasets, and comparative study[J]. Journal of Information Security and Applications, 2020, doi: 10.1016/j.jisa.2019.102419
2	HAO S Y, LONG J, YANG Y C. Detecting web attacks using Bi-LSTM model based on deep learning[C]//Proc. of the International Conference on Security and Privacy in New Computing Environments, 2019: 551-563.
3	KIM J Y, KIM J, THU H L T, et al. Long short term memory recurrent neural network classifier for intrusion detection[C]//Proc. of the International Conference on Platform Technology and Service, 2016.
4	SUN P F , LIU P J , LI Q , et al. Extracting features using CNN-LSTM hybrid network for intrusion detection system[J]. Security and Communication Networks, 2020, doi: 10.1155/2020/8890306
5	谢康. 基于神经网络的入侵检测相关技术研究[D]. 济南: 山东大学, 2016.
	XIE K. Research on intrusion detection technology based on neural network[D]. Ji'nan: Shandong University, 2016.
6	DORADO R F , DURÁN S J . Short-term load forecasting using encoder-decoder WaveNet: application to the French grid[J]. Energies, 2021, doi: 10.3390/en14092524
7	谢潇雨. 基于卷积神经网络的入侵检测模型研究[D]. 南京: 南京邮电大学, 2019.
	XIE X Y. Research on intrusion detection model based on convolutional neural network[D]. Nanjing: Nanjing University of Posts and Telecommunications, 2019.
8	WANG H , CAO Z J , HONG B . A network intrusion detection system based on convolutional neural network[J]. Journal of Intelligent & Fuzzy Systems, 2020, 38 (6): 7623- 7637.
9	ARIAV I , COHEN I . An end-to-end multimodal voice activity detection using WaveNet encoder and residual networks[J]. IEEE Journal of Selected Topics in Signal Processing, 2019, 13 (2): 265- 274. doi: 10.1109/JSTSP.2019.2901195
10	CHEN Y S , FENG N X , HONG B B , et al. Express WaveNet: a lower parameter optical neural network with random shift wavelet pattern[J]. Optics Communications, 2021, 485, 126709. doi: 10.1016/j.optcom.2020.126709
11	YUAN X Y, LI C H, LI X L. Deep defense: identifying DDOS attack via deep learning[C]//Proc. of the IEEE International Conference on Smart Computing, 2017.
12	RAI A. Optimizing a new intrusion detection system using ensemble methods and deep neural network[C]//Proc. of the 4th International Conference on Trends in Electronics and Informatics, 2020.
13	WANKHEDE S, KSHIRSAGAR D. DOS attack detection using machine learning and neural network[C]//Proc. of the 4th International Conference on Computing Communication Control and Automation, 2018.
14	GONG Y L , LU N , ZHANG J J . Application of deep learning fusion algorithm in natural language processing in emotional semantic analysis[J]. Concurrency and Computation: Practice and Experience, 2019, 31 (10): e4779. doi: 10.1002/cpe.4779
15	周航, 凌捷. 改进的基于BiLSTM的网络入侵检测方法[J]. 计算机工程与设计, 2020, 41 (7): 1809- 1814.
	ZHOU H , LING J . Improved network intrusion detection method based on BiLSTM[J]. Computer Engineering and Design, 2020, 41 (7): 1809- 1814.
16	RAN Z Y , ZHENG D S , LAI Y L , et al. Applying stack bidirectional LSTM model to intrusion detection[J]. CMC-Computers Materials & Continua, 2020, 65 (1): 309- 320.
17	YAN X , SHI Z M , WANG G C , et al. Detection of possible hydrological precursor anomalies using long short-term memory: a case study of the 1996 Lijiang earthquake[J]. Journal of Hydrology, 2021, doi: 10.1016/j.jhydrol.2021.126369
18	AZAM R, MUHAMMAD J S, SHAHID M A. Machine and deep learning based comparative analysis using hybrid approaches for intrusion detection system[C]//Proc. of the 3rd International Conference on Advancements in Computational Sciences, 2020.
19	SINGH N B , SINGH M M , SARKAR A , et al. A novel wide & deep transfer learning stacked GRU framework for network intrusion detection[J]. Journal of Information Security and Applications, 2021, doi: 10.1016/j.jisa.2021.102899
20	YAN B H , HAN G D . LA-GRU: building combined intrusion detection model based on imbalanced learning and gated recurrent unit neural network[J]. Security and Communication Networks, 2018, doi: 10.1155/2018/6026878
21	KAMAL A , ABULAISH M . CAT-BiGRU: convolution and attention with bi-directional gated recurrent unit for self-deprecating sarcasm detection[J]. Cognitive Computation, 2021, 14, 1- 19.
22	SONG Y , LI Z L , CHENG C . ARP attack intrusion detection method of industrial control system based on CNN-BILSTM[J]. Computer Application Research, 2020, 37 (S2): 242- 244.
23	DÜDÜKÇÜ H V, TAŞKIRAN M, KAHRAMAN N. LSTM and WaveNet implementation for predictive maintenance of turbofan engines[C]//Proc. of the IEEE 20th International Symposium on Computational Intelligence and Informatics, 2020.
24	ISHAQUE M, HUDEC L. Feature extraction using deep learning for intrusion detection system[C]//Proc. of the 2nd International Conference on Computer Applications & Information Security, 2019.
25	ACHARYA T, KHATRI I, ANNAMALAI A, et al. Efficacy of machine learning-based classifiers for binary and multi-class network intrusion detection[C]//Proc. of the IEEE International Conference on Automatic Control & Intelligent Systems, 2021.
26	SARIKA C K , NISHTHA K . Analysis of KDD-cup′99, NSL-KDD and UNSW-NB15 datasets using deep learning in IoT[J]. Procedia Computer Science, 2020, 167, 1561- 1573. doi: 10.1016/j.procs.2020.03.367
27	KOCHER G , GUISHAN K A . Analysis of machine learning algorithms with feature selection for intrusion detection using UNSW-NB15 dataset[J]. International Journal of Network Security & Its Applications, 2021, 13 (1): 21- 31.
28	HOOGE D L , WAUTERS T , VOLCKAERT B , et al. Inter-dataset generalization strength of supervised machine learning methods for intrusion detection[J]. Journal of Information Security and Applications, 2020, doi: 10.1016/j.jisa.2020.102564
29	KAJAL R S D M , AJAY G . Decision tree based algorithm for intrusion detection[J]. International Journal of Advanced Networking and Applications, 2016, 7 (4): 2828- 2834.
30	夏景明, 李冲, 谈玲, 等. 改进的随机森林分类器网络入侵检测方法[J]. 计算机工程与设计, 2019, 40 (8): 2146- 2150.
	XIA J M , LI C , TAN L , et al. Improved intrusion detection method of random forest classifier network[J]. Computer Engineering and Design, 2019, 40 (8): 2146- 2150.
31	李俊, 夏松竹, 兰海燕, 等. 基于GRU-RNN的网络入侵检测方法[EB/OL]. 哈尔滨工程大学学报, 2021. DOI: 10.4218/etrij.2019-0476.
	LI J, XIA S Z, LAN H Y, et al. Network intrusion detection method based on GRU-RNN[EB/OL]. Journal of Harbin Engineering University, 2021. DOI: 10.4218/etrij.2019-0476.
32	JAY S M, MANOLLAS. Efficient deep CNN-BILSTM model for network intrusion detection[C]//Proc. of the 3rd International Conference on Artificial Intelligence and Pattern Recognition, 2020.

模型参数	参数设置
批量大小设置	1 024
损失函数	Categorical_crossentropy
优化器	Nadam
优化器学习率	0.001
Epoch设置	20
扩大卷积层数	4
扩大步长	2\4\8\16
BiGRU单元数	64\128
Dropout率	0.5

数据集	编码方式
数据集	独热编码	标签编码
NSL-KDD	99.62±0.11	98.84±0.17
UNSW-NB15	83.98±0.16	82.77±0.20
CIC-IDS2017	99.86±0.03	99.73±0.08

数据集	池化方式
数据集	平均池化	最大池化	池化融合
NSL-KDD	99.03±0.10	99.22±0.11	99.62±0.11
UNSW-NB15	82.97±0.18	83.26±0.14	83.98±0.16
CIC-IDS2017	99.58±0.04	99.60±0.05	99.86±0.03

算法	评价指标
算法	准确率	精确率	召回率	F1-score
决策树	76.92	71.98	54.52	55.97
随机森林	75.41	84.00	75.41	77.53
K均值聚类	79.34	78.01	79.34	76.28
GRU_RNN	99.13	99.05	99.08	99.06
CNN-BiLSTM	99.22	99.18	99.14	99.15
本文模型	99.62	99.60	99.48	99.40

算法	评价指标
算法	准确率	精确率	召回率	F1-score
决策树	73.37	80.94	73.36	76.30
随机森林	75.41	84.00	75.41	77.53
K均值聚类	70.93	82.42	70.91	76.23
GRU_RNN	81.99	82.59	79.75	81.14
CNN-BiLSTM	82.08	82.68	80.00	81.32
本文模型	83.98	84.13	83.76	83.80