Intrusion Detection Method Based on Multiscale Spatialtemporal  Residual Network

Abstract

Abstract: In view of the problems of the existing intrusion detection methods, such as poor feature extraction, low classification accuracy, and weak generalization ability, this paper proposes an intrusion detection model named MultiScale SpatialTemporal Residual Network(MSSTRNet)that integrates multiscale convolutional network (CNN), long shortterm memory network (LSTM), and residual network. Log1p smoothing is first applied to transform the data with large skewness, and this paper proves its effectiveness by comparing the correlation with the label before and after transformation and visualizing the data distribution. Then, the spatial and temporal features of the data are extracted by a multiscale onedimensional convolution module and a long shortterm memory module respectively. Finally, based on the idea of residual network, identity mapping is added to avoid gradient disappearance, gradient explosion and network degradation. The experimental results on the UNSW_NB15 dataset show that the proposed method can effectively enhance the representation ability and generalization ability of the model, and the performance of evaluation metrics has been significantly improved.

Key words: network intrusion detection, deep learning, Multi-scale convolutional neural network, long short term memory model, Residual network

摘要： 针对现有的入侵检测方法存在特征提取不佳、分类准确率低、泛化能力不强等问题，提出一种融合多尺度卷积神经网络、长短期记忆网络和残差网络的入侵检测模型(multiscale spatialtemporal residual network, MSSTRNet).首先，借助log1p平滑处理对偏度较大的数据进行转化，通过转化前后与标签的相关性对比以及数据分布可视化证明其有效性；其次，分别通过多尺度1维卷积模块和长短期记忆模块提取数据的空间特征和时序特征并进行特征融合；最后，基于残差网络的思想添加恒等映射，避免梯度消失、梯度爆炸以及网络退化等问题.在数据集UNSW_NB15上的实验结果表明，所提方法可以有效增强模型的表征能力以及泛化能力，且各项指标性能有比较明显的提升.

关键词: 网络入侵检测, 深度学习, 多尺度卷积神经网络, 长短期记忆网络, 残差网络

CLC Number:

TP393.08

张天月, 陈伟, 刘宇啸, . 基于多尺度时空残差网络的入侵检测方法[J]. 信息安全研究, 2023, 9(11): 1045-.

References

［1］Anderson J P. Computer security threat monitoring and surveillance［R］. Washington: Anderson Company, 1980［2］黄屿璁, 张潮, 吕鑫, 等. 基于深度学习的网络入侵检测研究综述［J］. 信息安全研究, 2022, 8(12): 11631177［3］Zhong Ying, Chen Wenqi, Wang Zhiliang, et al. HELAD: A novel network anomaly detection model based on heterogeneous ensemble learning［J］. Computer Networks, 2020, 169: 107049［4］Tylman W. Anomalybased intrusion detection using Bayesian networks［C］ Proc of the 3rd Int Conf on Dependability of Computer Systems. Piscataway, NJ: IEEE, 2008: 211218［5］Mohammadi M, Rashid T A, Sarkhel H, et al. A comprehensive survey and taxonomy of the SVMbased intrusion detection systems［J］.Journal of Network and Computer Applications, 2021, 178: 102983［6］Guezzaz A, Benkirane S, Azrour M, et al. A reliable network intrusion detection approach using decision tree with enhanced data quality［J］. Security and Communication Networks, 2021, 2021: 1230593［7］Zhang Ling, Zhang Jianwei, Fan Naimei, et al. Intrusion detection model based on rough set and random forest［J］. International Journal of Grid and High Performance Computing, 2022, 14(1): 113［8］Taguelmimt R, Beghdad R. DSkNN: An intrusion detection system based on a distance sumbased Knearest neighbors［J］. International Journal of Information Security and Privacy, 2021, 15(2): 131144［9］Wester P, Heiding F, Lagerstrm R. Anomalybased intrusion detection using tree augmented Naive Bayes［C］ Proc of the 25th Int Enterprise Distributed Object Computing Workshop (EDOCW). Piscataway, NJ: IEEE, 2021: 112121［10］周杰英, 贺鹏飞, 邱荣发, 等. 融合随机森林和梯度提升树的入侵检测研究［J］. 软件学报, 2021, 32(10): 32543265［11］江泽涛, 周谭盛子, 韩立尧. 基于感知哈希矩阵的最近邻入侵检测算法［J］. 电子学报, 2019, 47(7): 15381546［12］Zhang Xiaoqing, Yang Fei, Hu Yue, et al. RANet: Network intrusion detection with groupgating convolutional neural network［J］. Journal of Network and Computer Applications, 2022, 198: 103266［13］王明, 李剑. 基于卷积神经网络的网络入侵检测系统［J］. 信息安全研究, 2017, 3(11): 990994［14］Kasongo M S, Sun Y. A gated recurrent unit based intrusion detection for SCADA networks［C］ Proc of the 6th Int Conf on Computing, Communication and Security (ICCCS). Piscataway, NJ: IEEE, 2021: 16［15］Andresini G, Appice A, Malerba D. Autoencoderbased deep metric learning for network intrusion detection［J］. Information Sciences, 2021, 569: 706727［16］Belarbi O, Khan A, Carnelli P, et al. An intrusion detection system based on deep belief networks［C］ Proc of Int Conf on Science of Cyber Security. Berlin: Springer, 2022: 377392［17］张兴兰, 尹晟霖. 可变融合的随机注意力胶囊网络入侵检测模型［J］. 通信学报, 2020, 41(11): 160168［18］Mirsky Y, Doitshman T, Elovici Y, et al. Kitsune: An ensemble of autoencoders for online network intrusion detection［J］. arXiv preprint, arXiv:1802.09089, 2018［19］Li Xukui, Chen Wei, Zhang Qianru, et al. Building autoencoder intrusion detection system based on random forest feature selection［J］. Computers & Security, 2020, 95: 101851［20］Azizjon M, Jumabek A, Kim W. 1D CNN based network intrusion detection with normalization on imbalanced data［C］ Proc of 2020 Int Conf on Artificial Intelligence in Information and Communication (ICAIIC). Piscataway, NJ: IEEE, 2020: 218224［21］Imrana Y, Xiang Y, Ali L, et al. A bidirectional LSTM deep learning approach for intrusion detection［J］. Expert Systems with Applications, 2021, 185(8): 115524［22］Zhang Jianwu, Ling Yu, Fu Xingbing, et al. Model of the intrusion detection system based on the integration of spatialtemporal features［J］. Computers & Security, 2020, 89: 101681

[1]	. Cyberbullying Detection Model Based on ELMoTextCNN [J]. Journal of Information Security Reserach, 2023, 9(9): 868-.
[2]	. Research on Blockchain Abnormal Transaction Detection Technology Based on LightGBM [J]. Journal of Information Security Reserach, 2023, 9(9): 877-.
[3]	. Encrypted Proxy Traffic Identification Method Based on Convolutional Neural Network#br# [J]. Journal of Information Security Reserach, 2023, 9(8): 722-.
[4]	. Comparison Research on Intrusion Detection Model Based on Machine Learning [J]. Journal of Information Security Reserach, 2023, 9(8): 739-.
[5]	. Research on Vulnerability Text Feature Classification Technology Based on BERT [J]. Journal of Information Security Reserach, 2023, 9(7): 687-.
[6]	. Image Steganalysis Method Based on Multiattention Mechanism and Siamese Network [J]. Journal of Information Security Reserach, 2023, 9(6): 573-.
[7]	. Neural Network Backdoor Detection Method Based on Multilevel Measurement Difference [J]. Journal of Information Security Reserach, 2023, 9(6): 587-.
[8]	. Research on Adversarial Examples Generation Technology Based on Text Keywords [J]. Journal of Information Security Reserach, 2023, 9(4): 338-.
[9]	. [J]. Journal of Information Security Reserach, 2022, 8(8): 760-.
[10]	. [J]. Journal of Information Security Reserach, 2022, 8(8): 793-.
[11]	. [J]. Journal of Information Security Reserach, 2022, 8(8): 812-.
[12]	. DGCNN-based Exploit Kit Attack Activities Detection Method [J]. Journal of Information Security Reserach, 2022, 8(7): 685-.
[13]	. [J]. Journal of Information Security Reserach, 2022, 8(6): 578-.
[14]	. Research and Prospect of Adversarial Attack in the Field of Natural Laguage Processing [J]. Journal of Information Security Reserach, 2022, 8(3): 202-.
[15]	. Physical Adversarial Attacks Against Deep Reinforcement Learning Based Navigation [J]. Journal of Information Security Reserach, 2022, 8(3): 212-.

Intrusion Detection Method Based on Multiscale Spatialtemporal Residual Network

基于多尺度时空残差网络的入侵检测方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics