基于TCN-BiLSTM的网络安全态势预测

doi:10.12305/j.issn.1001-506X.2023.11.36

摘要/Abstract

摘要：

针对现有网络安全态势预测模型预测精确度低和收敛速度慢的问题, 提出一种基于时域卷积网络(temporal convolution network, TCN)和双向长短期记忆(bi-directional long short-term memory, BiLSTM)网络的预测方法。首先, 将TCN处理时间序列问题的优势应用到态势预测上学习态势值的序列特征; 随后, 引入注意力机制动态调整属性的权值; 然后, 利用BiLSTM模型学习态势值的前后状况, 以提取序列中更多的信息进行预测; 利用粒子群优化(particle swarm optimization, PSO)算法进行超参数寻优, 提升预测能力。实验结果表明, 所提预测方法的拟合度可达0.999 5, 其拟合效果和收敛速度均优于其他模型。

关键词: 网络安全, 态势预测, 时域卷积网络, 双向长短期记忆网络, 粒子群优化, 注意力机制

Abstract:

In order to solve the problems of low prediction accuracy and slow convergence speed of existing network security situation prediction models, a prediction method based on temporal convolution network (TCN) and bi-directional long short-term memory (BiLSTM) network is proposed. This method firstly applies the advantages of TCN in dealing with time series problems to the sequence characteristics of learning potential values in situation prediction, then introduces the attention mechanism to dynamically adjust the weights of attributes. Secondly, the proposed method uses the status before and after learning potential values of BiLSTM model to extract more information from the series for prediction. Particle swarm optimization(PSO) algorithm is used to optimize the hyperparameters to improve the prediction ability. The experimental results show that the fitting degree of the proposed prediction method can reach 0.999 5, and its fitting effect and convergence speed are better than other models.

Key words: network security, situation prediction, temporal convolution network (TCN), bi-directional long short-term memory network (BiLSTM), particle swarm optimization (PSO), attention mechanism

中图分类号:

TP393

孙隽丰, 李成海, 曹波. 基于TCN-BiLSTM的网络安全态势预测[J]. 系统工程与电子技术, 2023, 45(11): 3671-3679.

Junfeng SUN, Chenghai LI, Bo CAO. Network security situation prediction based on TCN-BiLSTM[J]. Systems Engineering and Electronics, 2023, 45(11): 3671-3679.

图/表 16

图1

表1

图2

图3

图4

表2

图5

表3

图6

表4

图7

表5

图8

表6

表7

图9

参考文献 30

1	ZHANG B, JI S P, XU J E, et al. Network security situation prediction model based on EMD and ELPSO optimized BiGRU neural network[EB/OL]. [2022-04-26]. https://doi.org/10.21203/rs.3.rs-778136/v1.
2	赵冬梅, 李志坚. 基于Transformer的网络安全态势预测[J]. 华中科技大学学报(自然科学版), 2022, 50 (5): 46- 52.
	ZHAO D M , LI Z J . Network security situation prediction based on Transformer[J]. Journal of Huazhong University of Science and Technology(Natural Science Edition), 2022, 50 (5): 46- 52.
3	唐延强, 李成海, 王坚, 等. IGAPSO-ELM: 一种网络安全态势预测模型[J]. 电光与控制, 2022, 29 (2): 30- 35.
	TANG Y Q , LI C H , WANG J , et al. IGAPSO-ELM: a network security posture prediction model[J]. Electro-Optics and Control, 2022, 29 (2): 30- 35.
4	LI R X , LI F , WU C W , et al. Research on vehicle network security situation prediction based on improved CLPSO-RBF[J]. Journal of Physics: Conference Series, 2021, 1757 (1): 012148. doi: 10.1088/1742-6596/1757/1/012148
5	何春蓉, 朱江. 基于注意力机制的GRU神经网络安全态势预测方法[J]. 系统工程与电子技术, 2021, 43 (1): 258- 266.
	HE C R , ZHU J . An attention mechanism-based security posture prediction method for GRU neural networks[J]. Systems Engineering and Electronics, 2021, 43 (1): 258- 266.
6	中国互联网信息中心. 2012至2022年网络安全信息与动态周报[EB/OL]. [2022-04-20]. https://www.cert.org.cn/publish/main/index.html.
	National Internet Emergency Center. Weekly report on network security information from 2012 to 2022[EB/OL]. [2022-04-20]. https://www.cert.org.cn/publish/main/index.html.
7	BAI S, KOLTER J Z, KOLTUN V. An empirical evaluation of generic convolutional and recurrent networks for sequence modeling[EB/OL]. [2022-04-23]. https://arxiv.org/abs/1803.01271.
8	HEWAGE P , BEHERA A , TROVATI M , et al. Temporal convolutional neural (TCN) network for an effective weather forecasting using time-series data from the local weather station[J]. Soft Computing, 2020, 24 (21): 16453- 16482. doi: 10.1007/s00500-020-04954-0
9	ZHANG R J , SUN F , SONG Z W , et al. Short-term traffic flow forecasting model based on GA-TCN[J]. Journal of Advanced Transportation, 2021, 2021, 1338607.
10	HU D. An introductory survey on attention mechanisms in NLP problems[C]//Proc. of SAI Intelligent Systems Conference, 2019: 432-448.
11	HOCHREITER S , SCHMIDHUBER J . Long short-term memory[J]. Neural Computation, 1997, 9, 1735- 1780. doi: 10.1162/neco.1997.9.8.1735
12	PRIHATNO A T , NURCAHYANTO H , AHMED M F , et al. Forecasting PM2. 5 concentration using a single-dense layer BiLSTM method[J]. Electronics, 2021, 10 (15): 1808. doi: 10.3390/electronics10151808
13	PENG T , ZHANG C , ZHOU J Z , et al. An integrated framework of bi-directional long-short term memory (BiLSTM) based on sine cosine algorithm for hourly solar radiation forecasting[J]. Energy, 2021, 221, 119887. doi: 10.1016/j.energy.2021.119887
14	WRIGHT L, DEMEURE N. Ranger21: a synergistic deep learning optimizer[EB/OL]. [2022-04-23]. https://arxiv.org/abs/2016.13731.
15	LIU L Y, JIANG H M, HE P C, et al. On the variance of the adaptive learning rate and beyond[EB/OL]. [2022-04-23]. https://arxiv.org/abs/1908.03265.
16	LOSHCHILOV I, HUTTER F. Decoupled weight decay regularization[EB/OL]. [2022-04-23]. https://arxiv.org/abs/1711.05101.
17	ZHANG M R, LUCAS J, HINTON G, et al. Lookahead optimizer: k steps forward, 1 step back[EB/OL]. [2022-04-23]. https://arxiv.org/abs/1907.08610.
18	CARLISLE A, DOZIER G. An off-the-shelf PSO[C]//Proc. of the Workshop on Particle Swarm Optimization, 2001.
19	MUNKHDALAI L . An end-to-end adaptive input selection with dynamic weights for forecasting multivariate time series[J]. IEEE Access, 2019, 7, 99099- 99114. doi: 10.1109/ACCESS.2019.2930069
20	WANG G . Comparative study on different neural networks for network security situation prediction[J]. Security and Privacy, 2021, 4 (1): e138.
21	JAIS I K M , ISMAIL A R , NISA S Q . Adam optimization algorithm for wide and deep neural network[J]. Knowledge Engineering and Data Science, 2019, 2 (1): 41- 46.
22	WANG Y J, ZHOU P Y, ZHONG W Y. An optimization strategy based on hybrid algorithm of ADAM and SGD[C]//MATEC Web of Conferences, 2018, 232: 03007.
23	LYDIA A , FRANCIS S . Adagrad-an optimizer for stochastic gradient descent[J]. International Journal of Information and Computing Science, 2019, 6 (5): 566- 568.
24	YU D, WANG H, CHEN P, et al. Mixed pooling for convolutional neural networks[C]//Proc. of the International Conference on Rough Sets and Knowledge Technology, 2014: 364-375.
25	BOUREAU Y L, PONCE J, LECUN Y. A theoretical analysis of feature pooling in visual recognition[C]//Proc. of the 27th International Conference on Machine Learning, 2010: 111-118.
26	NAGI J, DUCATELLE F, DI CARO G A, et al. Max-pooling convolutional neural networks for vision-based hand gesture recognition[C]//Proc. of the 2011 IEEE International Confe-rence on Signal and Image Processing Applications, 2011: 342-347.
27	WANG S H , KHAN M A , GOVINDARAJ V , et al. Deep rank-based average pooling network for COVID-19 recognition[J]. Computers, Materials & Continua, 2022, 70 (2): 2797- 2813.
28	LI C S , TANG G , XUE X M , et al. Short-term wind speed interval prediction based on ensemble GRU model[J]. IEEE Trans.on Sustainable Energy, 2019, 11 (3): 1370- 1380.
29	MUNKHDALAI L , MUNKHDALAI T , PARK K H , et al. An end-to-end adaptive input selection with dynamic weights for forecasting multivariate time series[J]. IEEE Access, 2019, 7, 99099- 99114.
30	DU J , CHENG Y Y , ZHOU Q , et al. Power load forecasting using BiLSTM-attention[J]. IOP Conference Series: Earth and Environmental Science, 2020, 440 (3): 032115.

输入样本	输出样本
SA₁, SA₂, SA₃, SA₄, SA₅	SA₆
SA₂, SA₃, SA₄, SA₅, SA₆	SA₇
	
SA₂₅₁, SA₂₅₂, SA₂₅₃, SA₂₅₄, SA₂₅₅	SA₂₅₆
	

境内感染网络病毒的主机数量	境内被篡改网站的总数	境内被植入后门的网站总数	境内网站的仿冒页面数量	新增信息安全漏洞数量
0.30	0.25	0.15	0.15	0.15

实验环境	具体配置
操作系统	Windows 11
CPU	Intel(R) Core(TM) i5-11300H @ 3.10 GHz3.11 GHz
内存	16 GB
硬盘	500 GB
开发框架	TensorFlow 2.8.0
开发语言	Python 3.9.12

池化方式	MAE	MSE	R²
平均池化+最大池化	0.000 969	0.000 002	0.999 523
平均池化	0.005 488	0.000 035	0.989 465
最大池化	0.005 129	0.000 027	0.991 931

模型参数	参数设置
优化算法	Ranger21
学习率	0.001
TCN卷积核	4
膨胀因子	1/2/4
BiLSTM神经单元数	146/352/260
批处理大小	222