基于LSTM的卷積神經(jīng)網(wǎng)絡(luò)異常流量檢測方法
信息技術(shù)與網(wǎng)絡(luò)安全 7期
陳解元
(國家計算機網(wǎng)絡(luò)與信息安全管理中心,北京100032)
摘要: 針對傳統(tǒng)機器學(xué)習(xí)方法依賴人工特征提取,存在檢測算法準(zhǔn)確率低、無法應(yīng)對0day漏洞利用等未知類型攻擊等問題,提出一種基于卷積神經(jīng)網(wǎng)絡(luò)(Convolutional Neural Networks,CNN)和長短期記憶網(wǎng)絡(luò)(Long-Short Term Memory,LSTM)混合算法的異常流量檢測方法,充分發(fā)掘攻擊流量的結(jié)構(gòu)化特點,提取流量數(shù)據(jù)的時空特征,提高了異常流量檢測系統(tǒng)性能。實驗結(jié)果表明,在CIC-IDS2017數(shù)據(jù)集上,多種異常流量檢測的準(zhǔn)確率均超過96.9%,總體準(zhǔn)確率達(dá)到98.8%,與其他機器學(xué)習(xí)算法相比準(zhǔn)確率更高,同時保持了極低的誤警率。
中圖分類號: TP393.08
文獻(xiàn)標(biāo)識碼: A
DOI: 10.19358/j.issn.2096-5133.2021.07.007
引用格式: 陳解元. 基于LSTM的卷積神經(jīng)網(wǎng)絡(luò)異常流量檢測方法[J].信息技術(shù)與網(wǎng)絡(luò)安全,2021,40(7):42-46.
文獻(xiàn)標(biāo)識碼: A
DOI: 10.19358/j.issn.2096-5133.2021.07.007
引用格式: 陳解元. 基于LSTM的卷積神經(jīng)網(wǎng)絡(luò)異常流量檢測方法[J].信息技術(shù)與網(wǎng)絡(luò)安全,2021,40(7):42-46.
Network intrusion detection based on convolutional neural networks with LSTM
Chen Xieyuan
(National Computer Network Emergency Response Technical Team/Coordination Center of China(CNCERT/CC), Beijing 100032,China)
Abstract: As traditional machine learning methods rely on artificial feature extraction,there are problems such as low accuary and inability to deal with unknown types of attacks such as 0day vulnerability exploitation,this paper proposed a hybrid algorithm based on Convolutional Neural Networks(CNN) and Long-Short Term Memory(LSTM) to fully explore the structural characteristics of attack traffic, extract the spatiotemporal characteristics of traffic data, and improve the performance of abnormal traffic detection system.The experimental results show that on the CIC-IDS2017 data set, the accuracy of various abnormal traffic detection is more than 96.9%, and the overall accuracy reaches 98.8%, which is higher than other machine learning algorithms, while maintaining a very low false alarm rate.
Key words : network intrusion detection;Convolutional Neural Networks(CNN);Long-Short Term Memory(LSTM);deep learning
0 引言
信息技術(shù)的廣泛應(yīng)用和網(wǎng)絡(luò)空間的興起發(fā)展,極大促進(jìn)了經(jīng)濟(jì)社會繁榮進(jìn)步,同時也帶來新的安全風(fēng)險和挑戰(zhàn)。網(wǎng)絡(luò)安全威脅逐步從信息竊聽、篡改、傳播病毒等方式上升為更新穎的高強度DDoS攻擊、0day漏洞利用、APT攻擊等形式,造成的大規(guī)模數(shù)據(jù)泄露和網(wǎng)絡(luò)黑產(chǎn)行業(yè)大規(guī)模增長嚴(yán)重危害信息系統(tǒng)運營者權(quán)益和用戶個人隱私[1]。網(wǎng)絡(luò)空間中信息傳輸與交互均以流量為載體,通過異常流量檢測,及時發(fā)現(xiàn)網(wǎng)絡(luò)異常情況和攻擊行為,對于強化網(wǎng)絡(luò)安全應(yīng)急響應(yīng)能力,維護(hù)網(wǎng)絡(luò)空間安全具有重要意義[2]。
本文詳細(xì)內(nèi)容請下載:http://www.jysgc.com/resource/share/2000003676
作者信息:
陳解元
(國家計算機網(wǎng)絡(luò)與信息安全管理中心,北京100032)
此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。