基于LSTM的卷積神經(jīng)網(wǎng)絡(luò)異常流量檢測(cè)方法
信息技術(shù)與網(wǎng)絡(luò)安全 7期
陳解元
(國(guó)家計(jì)算機(jī)網(wǎng)絡(luò)與信息安全管理中心,北京100032)
摘要: 針對(duì)傳統(tǒng)機(jī)器學(xué)習(xí)方法依賴人工特征提取,存在檢測(cè)算法準(zhǔn)確率低、無(wú)法應(yīng)對(duì)0day漏洞利用等未知類型攻擊等問(wèn)題,提出一種基于卷積神經(jīng)網(wǎng)絡(luò)(Convolutional Neural Networks,CNN)和長(zhǎng)短期記憶網(wǎng)絡(luò)(Long-Short Term Memory,LSTM)混合算法的異常流量檢測(cè)方法,充分發(fā)掘攻擊流量的結(jié)構(gòu)化特點(diǎn),提取流量數(shù)據(jù)的時(shí)空特征,提高了異常流量檢測(cè)系統(tǒng)性能。實(shí)驗(yàn)結(jié)果表明,在CIC-IDS2017數(shù)據(jù)集上,多種異常流量檢測(cè)的準(zhǔn)確率均超過(guò)96.9%,總體準(zhǔn)確率達(dá)到98.8%,與其他機(jī)器學(xué)習(xí)算法相比準(zhǔn)確率更高,同時(shí)保持了極低的誤警率。
中圖分類號(hào): TP393.08
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2021.07.007
引用格式: 陳解元. 基于LSTM的卷積神經(jīng)網(wǎng)絡(luò)異常流量檢測(cè)方法[J].信息技術(shù)與網(wǎng)絡(luò)安全,2021,40(7):42-46.
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2021.07.007
引用格式: 陳解元. 基于LSTM的卷積神經(jīng)網(wǎng)絡(luò)異常流量檢測(cè)方法[J].信息技術(shù)與網(wǎng)絡(luò)安全,2021,40(7):42-46.
Network intrusion detection based on convolutional neural networks with LSTM
Chen Xieyuan
(National Computer Network Emergency Response Technical Team/Coordination Center of China(CNCERT/CC), Beijing 100032,China)
Abstract: As traditional machine learning methods rely on artificial feature extraction,there are problems such as low accuary and inability to deal with unknown types of attacks such as 0day vulnerability exploitation,this paper proposed a hybrid algorithm based on Convolutional Neural Networks(CNN) and Long-Short Term Memory(LSTM) to fully explore the structural characteristics of attack traffic, extract the spatiotemporal characteristics of traffic data, and improve the performance of abnormal traffic detection system.The experimental results show that on the CIC-IDS2017 data set, the accuracy of various abnormal traffic detection is more than 96.9%, and the overall accuracy reaches 98.8%, which is higher than other machine learning algorithms, while maintaining a very low false alarm rate.
Key words : network intrusion detection;Convolutional Neural Networks(CNN);Long-Short Term Memory(LSTM);deep learning
0 引言
信息技術(shù)的廣泛應(yīng)用和網(wǎng)絡(luò)空間的興起發(fā)展,極大促進(jìn)了經(jīng)濟(jì)社會(huì)繁榮進(jìn)步,同時(shí)也帶來(lái)新的安全風(fēng)險(xiǎn)和挑戰(zhàn)。網(wǎng)絡(luò)安全威脅逐步從信息竊聽、篡改、傳播病毒等方式上升為更新穎的高強(qiáng)度DDoS攻擊、0day漏洞利用、APT攻擊等形式,造成的大規(guī)模數(shù)據(jù)泄露和網(wǎng)絡(luò)黑產(chǎn)行業(yè)大規(guī)模增長(zhǎng)嚴(yán)重危害信息系統(tǒng)運(yùn)營(yíng)者權(quán)益和用戶個(gè)人隱私[1]。網(wǎng)絡(luò)空間中信息傳輸與交互均以流量為載體,通過(guò)異常流量檢測(cè),及時(shí)發(fā)現(xiàn)網(wǎng)絡(luò)異常情況和攻擊行為,對(duì)于強(qiáng)化網(wǎng)絡(luò)安全應(yīng)急響應(yīng)能力,維護(hù)網(wǎng)絡(luò)空間安全具有重要意義[2]。
本文詳細(xì)內(nèi)容請(qǐng)下載:http://m.jysgc.com/resource/share/2000003676
作者信息:
陳解元
(國(guó)家計(jì)算機(jī)網(wǎng)絡(luò)與信息安全管理中心,北京100032)
此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。