基于深度学习的网络入侵混合检测方法
首发时间:2019-06-18
摘要:针对如何在保证网络入侵检测性能的前提下具备未知攻击类型检测能力的问题,通过结合栈式稀疏自编码器、深度神经网络两种监督学习模型和K均值无监督学习算法,提出一种基于深度学习的网站入侵混合检测方法。首先通过稀疏栈式自编码器模型对多维数据进行特征提取,以得到具有更好学习能力的特征表示。然后整合所提取的特征和原有特征作为更加全面的特征候选集,使用深度神经网络模型进行特征选择和分类。在整个检测过程中同时结合栈式稀疏自编码器模型和K均值聚类算法加入新攻击类型判定因素,以实现对新攻击类型的有效检测。选取常用的NSL_KDD公开数据集作为实验数据集从模型检测性能影响因素和不同方法检测性能对比两个方面对所提出的网络入侵混合检测方法进行了评估。实验结果表明,文中提出的方法较传统方法具有更好的攻击行为检测能力,在保证检测准确率的同时可以有效检测新攻击类型,尤其是对于数量比较大的未知攻击类型。
关键词: 信息安全 深度学习 网络入侵检测 稀疏栈式自编码器 深度神经网络 K均值聚类。
For information in English, please click here
Deep Learning Based Network Intrusion Hybrid Detection Method
Abstract:In order to address the problems about the huge, complex and high dimentional network data in network intrusion detection, a deep learning based hybrid method for network intrusion detection is proposed in this paper, with the combination of supervised and unsupervised learning methods. First, used sparse stacked auto-encoder to extract features, which had better performance in classification. Second, combined the original features and extracted features to construct a more comprehensive feature set, then used deep neural network to furter select features and classificate the data. At the same time, some elements, which is relative with the discriminating of new attack typewere added to detect the new attack types. Lastly, NSL_KDD as a common public data set was used to evaluate the performace of the propose method from two aspects, including the effect elements of model performance and the performance comparation between different methods. The results show that the proposed method has better performance in discriminating the attackts from normal actions, compared with other traditional methods, especially in detecting new attack types.
Keywords: Information safety Deep learning Network Intrusion Dectection Sparse Stacked Auto-encoder Deep Neural Network K-means clustering
基金:
引用
No.****
同行评议
共计0人参与
勘误表
基于深度学习的网络入侵混合检测方法
评论
全部评论0/1000