《電子技術(shù)應(yīng)用》
您所在的位置:首頁 > 其他 > 设计应用 > 基于LSTM的卷积神经网络异常流量检测方法
基于LSTM的卷积神经网络异常流量检测方法
信息技术与网络安全 7期
陈解元
(国家计算机网络与信息安全管理中心,北京100032)
摘要: 针对传统机器学习方法依赖人工特征提取,存在检测算法准确率低、无法应对0day漏洞利用等未知类型攻击等问题,提出一种基于卷积神经网络(Convolutional Neural Networks,CNN)和长短期记忆网络(Long-Short Term Memory,LSTM)混合算法的异常流量检测方法,充分发掘攻击流量的结构化特点,提取流量数据的时空特征,提高了异常流量检测系统性能。实验结果表明,在CIC-IDS2017数据集上,多种异常流量检测的准确率均超过96.9%,总体准确率达到98.8%,与其他机器学习算法相比准确率更高,同时保持了极低的误警率。
中圖分類號(hào): TP393.08
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2021.07.007
引用格式: 陳解元. 基于LSTM的卷積神經(jīng)網(wǎng)絡(luò)異常流量檢測方法[J].信息技術(shù)與網(wǎng)絡(luò)安全,2021,40(7):42-46.
Network intrusion detection based on convolutional neural networks with LSTM
Chen Xieyuan
(National Computer Network Emergency Response Technical Team/Coordination Center of China(CNCERT/CC), Beijing 100032,China)
Abstract: As traditional machine learning methods rely on artificial feature extraction,there are problems such as low accuary and inability to deal with unknown types of attacks such as 0day vulnerability exploitation,this paper proposed a hybrid algorithm based on Convolutional Neural Networks(CNN) and Long-Short Term Memory(LSTM) to fully explore the structural characteristics of attack traffic, extract the spatiotemporal characteristics of traffic data, and improve the performance of abnormal traffic detection system.The experimental results show that on the CIC-IDS2017 data set, the accuracy of various abnormal traffic detection is more than 96.9%, and the overall accuracy reaches 98.8%, which is higher than other machine learning algorithms, while maintaining a very low false alarm rate.
Key words : network intrusion detection;Convolutional Neural Networks(CNN);Long-Short Term Memory(LSTM);deep learning

0 引言

信息技術(shù)的廣泛應(yīng)用和網(wǎng)絡(luò)空間的興起發(fā)展,極大促進(jìn)了經(jīng)濟(jì)社會(huì)繁榮進(jìn)步,同時(shí)也帶來新的安全風(fēng)險(xiǎn)和挑戰(zhàn)。網(wǎng)絡(luò)安全威脅逐步從信息竊聽、篡改、傳播病毒等方式上升為更新穎的高強(qiáng)度DDoS攻擊、0day漏洞利用、APT攻擊等形式,造成的大規(guī)模數(shù)據(jù)泄露和網(wǎng)絡(luò)黑產(chǎn)行業(yè)大規(guī)模增長嚴(yán)重危害信息系統(tǒng)運(yùn)營者權(quán)益和用戶個(gè)人隱私[1]。網(wǎng)絡(luò)空間中信息傳輸與交互均以流量為載體,通過異常流量檢測,及時(shí)發(fā)現(xiàn)網(wǎng)絡(luò)異常情況和攻擊行為,對(duì)于強(qiáng)化網(wǎng)絡(luò)安全應(yīng)急響應(yīng)能力,維護(hù)網(wǎng)絡(luò)空間安全具有重要意義[2]。




本文詳細(xì)內(nèi)容請(qǐng)下載:http://m.ihrv.cn/resource/share/2000003676



作者信息:

陳解元

(國家計(jì)算機(jī)網(wǎng)絡(luò)與信息安全管理中心,北京100032)


此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。

相關(guān)內(nèi)容