An Intrusion Detection Method for Internet of Things by Fusing #br#
Spatiotemporal Features#br#

Journal of Information Security Reserach ›› 2025, Vol. 11 ›› Issue (3): 241-.

Previous Articles Next Articles

An Intrusion Detection Method for Internet of Things by Fusing #br# Spatiotemporal Features#br#

Weng Tongtong1, Jiao Gui’e2, and Zhang Wenjun2

1(College of Information Technology, Shanghai Ocean University, Shanghai 201306)
2(College of Information Technology, Shanghai Jian Qiao University, Shanghai 201306)

Online:2025-03-18 Published:2025-03-30

一种融合时空特征的物联网入侵检测方法

翁铜铜1矫桂娥2张文俊2

1(上海海洋大学信息学院上海201306)
2(上海建桥学院信息技术学院上海201306)

通讯作者: 翁铜铜硕士.主要研究方向为不平衡分类、入侵检测. 2879420176@qq.com
作者简介:翁铜铜硕士.主要研究方向为不平衡分类、入侵检测. 2879420176@qq.com 矫桂娥博士，教授.主要研究方向为数据挖掘及可视化、数字媒体技术及应用. jiaoguie@gench.edu.cn 张文俊博士，教授.主要研究方向为网络通信技术. wjzhang@mail.shu.edu.cn

Abstract

Abstract: Aiming at the problems of insufficient attack samples and more categories in unbalanced IoT traffic datasets reducing the classification accuracy and generalization ability of the detection model, an intrusion detection method for the Internet of things by fusing spatiotemporal features (BGAREU) is proposed. The data were first normalized and the SMOTEENN method was used to improve the data distribution of the training samples; then temporal features and global information were extracted by Bidirectional gated recurrent unit (BiGRU) and multihead attention, and combined ResNext network and UNet network to construct a multiscale spatial feature extraction network, and then incorporate efficient channel attention (ECANet) into the residual units to enhance the local characterization capability; finally, the fused features are fed into the Softmax classifier for multiclassification. Experiments show that the proposed model has more than 2% improvement in all the metrics compared with other models on IoT traffic datasets UNSWNB15, NSLKDD, and WSNDS. In addition, this paper verifies that the ECANet has stronger characterization ability by comparing multiple attention mechanisms, and explores the effect of different numbers of attention heads in multihead attention on the model performance.

Key words: intrusion detection, bidirectional gated recurrent unit, multihead attention, multiscale feature extraction, ECANet

摘要： 针对不平衡的物联网流量数据集中攻击样本不足且类别较多降低了检测模型的分类准确率和泛化能力等问题，提出一种融合时空特征的物联网入侵检测方法(BGAREU).首先对数据进行规范化处理，并采用SMOTEENN方法改善训练样本的数据分布；然后通过双向门控循环单元(BiGRU)和多头注意力(multihead attention)提取时序特征和全局信息，并结合ResNext网络和UNet网络构建多尺度的空间特征提取网络，再将高效通道注意力(ECANet)加入残差单元中以增强局部表征能力；最后将融合的特征输入Softmax分类器进行多分类.实验表明，在物联网流量数据集UNSWNB15，NSLKDD，WSNDS上与其他模型相比，该模型在各项指标上均有2%以上的提升.此外，还通过对比多种注意力机制验证了ECANet具有更强的表征能力，并探索了多头注意力中不同数量的注意力头对模型性能的影响.

关键词: 入侵检测, 双向门控循环单元, 多头注意力, 多尺度特征提取, 高效通道注意力

CLC Number:

TP393.08

翁铜铜, 矫桂娥, 张文俊, . 一种融合时空特征的物联网入侵检测方法[J]. 信息安全研究, 2025, 11(3): 241-.

References

［1］Jan S U, Ahmed S, Shakhov V, et al. Toward a lightweight intrusion detection system for the Internet of things［J］. IEEE Access, 2019, 7: 4245042471［2］乔楠, 李振兴, 赵国生. XGBoostRF的物联网入侵检测模型［J］. 小型微型计算机系统, 2022, 43(1): 152158［3］卢明星, 杜国真, 季泽旭. 基于深度迁移学习的网络入侵检测［J］. 计算机应用研究, 2020, 37(9): 28112814［4］Zhang Y, Li P, Wang X. Intrusion detection for IoT based on improved genetic algorithm and deep belief network［J］. IEEE Access, 2019, 7: 3171131722［5］Javed A R, Ur Rehman S, Khan M U, et al. CANintelliIDS: Detecting invehicle intrusion attacks on a controller area network using CNN and attentionbased GRU［J］. IEEE Trans on Network Science and Engineering, 2021, 8(2): 14561466［6］李晓佳, 赵国生, 汪洋, 等. 面向CNN和RNN改进的物联网入侵检测模型［J］. 计算机工程与应用, 2023, 59(14): 242250［7］Dogani J, Khunjush F, Seydali M. Host load prediction in cloud computing with discrete wavelet transformation (DWT) and bidirectional gated recurrent unit (BiGRU) network［J］. Computer Communications, 2023, 198: 157174［8］Bushra S N, Subramanian N, Chandrasekar A. An optimal and secure environment for intrusion detection using hybrid optimization based ResNet 101C model［J］. PeertoPeer Networking and Applications, 2023, 16(5): 118［9］Mu J, He H, Li L, et al. A hybrid network intrusion detection model based on CNNLSTM and attention mechanism［C］ Proc of the Int Conf on Frontiers in Cyber Security. Berlin: Springer, 2021: 214229［10］杨晓文, 张健, 况立群, 等. 融合CNNBiGRU和注意力机制的网络入侵检测模型［J］. 信息安全研究, 2024, 10(3): 202208［11］Batista G E A P A, Prati R C, Monard M C. A study of the behavior of several methods for balancing machine learning training data［J］. ACM SIGKDD Explorations Newsletter, 2004, 6(1): 2029［12］Wang Q, Wu B, Zhu P, et al. ECANet: Efficient channel attention for deep convolutional neural networks［C］ Proc of the IEEECVF Conf on Computer Vision and Pattern Recognition(CVPR). Piscataway, NJ: IEEE, 2020: 1153411542［13］Xie S, Girshick R, Dollár P, et al. Aggregated residual transformationsfor deep neural networks［C］ Proc of the IEEE Conf on Computer Vision and Pattern Recognition(CVPR). Piscataway, NJ: IEEE, 2017: 59875995

[1]	. Research on Deep Learningbased Spatiotemporal Feature Fusion Network Intrusion Detection Model [J]. Journal of Information Security Reserach, 2025, 11(2): 122-.
[2]	. A Malicious TLS Traffic Detection Method with Multimodal Features [J]. Journal of Information Security Reserach, 2025, 11(2): 130-.
[3]	. Model of Intrusion Detection Based on Federated Learning and Convolutional Neural Network [J]. Journal of Information Security Reserach, 2024, 10(7): 642-.
[4]	. Vehicle CAN Intrusion Detection Method Based on MobileViT Lightweight Network [J]. Journal of Information Security Reserach, 2024, 10(5): 411-.
[5]	. Research on Network Traffic Intrusion Detection Method Based on Denoising Diffusion Probability Model [J]. Journal of Information Security Reserach, 2024, 10(5): 421-.
[6]	. A Network Intrusion Detection Model Integrating CNN-BiGRU and Attention Mechanism [J]. Journal of Information Security Reserach, 2024, 10(3): 202-.
[7]	. Multifamily Malicious Domain Intrusion Detection Based on #br# Collaborative Attention#br# [J]. Journal of Information Security Reserach, 2024, 10(12): 115-.
[8]	. Comparison Research on Intrusion Detection Model Based on Machine Learning [J]. Journal of Information Security Reserach, 2023, 9(8): 739-.
[9]	. Detection and Classification Method of Network Attacks Based on Generalized Neural Networks [J]. Journal of Information Security Reserach, 2023, 9(6): 593-.
[10]	. Research on Malicious Behavior Detection and Identification Model Based on Deep Learning [J]. Journal of Information Security Reserach, 2023, 9(12): 1152-.
[11]	. A Scalable Realtime Multistep Attack Scene Reconstruction Method#br# #br# [J]. Journal of Information Security Reserach, 2023, 9(12): 1173-.
[12]	. Intrusion Detection Method Based on Multiscale Spatialtemporal Residual Network [J]. Journal of Information Security Reserach, 2023, 9(11): 1045-.
[13]	. A CNN-LSTM Method Based on Attention Mechanism for In vehicle CAN Bus Intrusion Detection [J]. Journal of Information Security Reserach, 2023, 9(10): 961-.
[14]	. Design and Implementation of Anomaly Detection System for Programmable Data Plane System [J]. Journal of Information Security Reserach, 2022, 8(2): 135-.
[15]	. Survey of Network Intrusion Detection Based on Deep Learning [J]. Journal of Information Security Reserach, 2022, 8(12): 1163-.

An Intrusion Detection Method for Internet of Things by Fusing #br# Spatiotemporal Features#br#

一种融合时空特征的物联网入侵检测方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics