基于独热编码和卷积神经网络的异常检测
|
摘要
目前基于深度学习的网络异常检测是入侵检测领域新的研究方向,但是大部分研究都是利用数据挖掘处理后的特征数据进行特征学习和分类。该文利用UNSWNB15作为主要研究数据集,利用独热编码对数据集中的原始网络包进行编码,维度重构后形成二维数据,并利用GoogLeNet网络进行特征提取学习,最后训练分类器模型进行检测。实验结果表明:该方法能有效处理原始网络包并进行网络攻击检测,检测精度达到99%以上,高于基于特征数据进行的深度学习检测方法。
Deep learning based network anomaly detection is a new research field with previous studies using preprocessed datasets based on data mining or other methods.This paper transforms and encodes the UNSW-NB15 dataset using one-hot encoding to a two-dimensional dataset.Then,GoogLeNet is used for deep learning network to extract the features and train the classifier.Tests show that this method can effectively process the original network packet with a classification accuracy over 99%,which is much higher than deep learning detection methods based on preprocessed data.
Deep learning based network anomaly detection is a new research field with previous studies using preprocessed datasets based on data mining or other methods.This paper transforms and encodes the UNSW-NB15 dataset using one-hot encoding to a two-dimensional dataset.Then,GoogLeNet is used for deep learning network to extract the features and train the classifier.Tests show that this method can effectively process the original network packet with a classification accuracy over 99%,which is much higher than deep learning detection methods based on preprocessed data.
引文
[1]FIORE U,PALMIERI F,CASTIGLIONE A,et al.Network anomaly detection with the restricted Boltzmann machine[J].Neurocomputing,2013,122:13-23.
[2]YADAV S,SUBRAMANIAN S.Detection of application layer DDoS attack by feature learning using stacked AutoEncoder[C]//Proceedings of 2016 International Conference on Computational Techniques in Information and Communication Technologies.New Delhi,India:IEEE,2016:361-366.
[3]YIN C L,ZHU Y F,FEI J L,et al.A deep learning approach for intrusion detection using recurrent neural networks[J].IEEE Access,2017,5:21954-21961.
[4]YUAN X Y,LI C H,LI X L.DeepDefense:Identifying DDoS attack via deep learning[C]//Proceedings of 2017IEEE International Conference on Smart Computing.Hong Kong,China:IEEE,2017:1-8.
[5]LI Z P,QIN Z,HUANG K,et al.Intrusion detection using convolutional neural networks for representation learning[M]//LIU D,XIE S,LI Y,et al.Neural Information Processing.Cham:Springer,2017:858-866.
[6]WANG W,SHENG Y Q,WANG J L,et al.HAST-IDS:Learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection[J].IEEEAccess,2018,6:1792-1806.
[7]MOUSTAFA N,SLAY J.UNSW-NB15:A comprehensive data set for network intrusion detection systems(UNSW-NB15network data set)[C]//Proceedings of 2015Military Communications and Information Systems Conference.Canberra,ACT,Australia:IEEE,2015:1-6.
[8]MOUSTAFA N,SLAY J.The evaluation of network anomaly detection systems:Statistical analysis of the UNSW-NB15data set and the comparison with the KDD99data set[J].Information Systems Security,2016,25(1-3):18-31.
[9]BOUVRIE J.Notes on convolutional neural networks[Z].Neural Networks,2006.
[10]SZEGEDY C,LIU W,JIA Y Q,et al.Going deeper with convolutions[C]//Proceedings of 2015IEEE Conference on Computer Vision and Pattern Recognition(CVPR).Boston,MA,USA:IEEE,2015:1-9.
[11]LIN M,CHEN Q,YAN S C.Network in network[Z].arXiv:1312.4400,2013.
[2]YADAV S,SUBRAMANIAN S.Detection of application layer DDoS attack by feature learning using stacked AutoEncoder[C]//Proceedings of 2016 International Conference on Computational Techniques in Information and Communication Technologies.New Delhi,India:IEEE,2016:361-366.
[3]YIN C L,ZHU Y F,FEI J L,et al.A deep learning approach for intrusion detection using recurrent neural networks[J].IEEE Access,2017,5:21954-21961.
[4]YUAN X Y,LI C H,LI X L.DeepDefense:Identifying DDoS attack via deep learning[C]//Proceedings of 2017IEEE International Conference on Smart Computing.Hong Kong,China:IEEE,2017:1-8.
[5]LI Z P,QIN Z,HUANG K,et al.Intrusion detection using convolutional neural networks for representation learning[M]//LIU D,XIE S,LI Y,et al.Neural Information Processing.Cham:Springer,2017:858-866.
[6]WANG W,SHENG Y Q,WANG J L,et al.HAST-IDS:Learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection[J].IEEEAccess,2018,6:1792-1806.
[7]MOUSTAFA N,SLAY J.UNSW-NB15:A comprehensive data set for network intrusion detection systems(UNSW-NB15network data set)[C]//Proceedings of 2015Military Communications and Information Systems Conference.Canberra,ACT,Australia:IEEE,2015:1-6.
[8]MOUSTAFA N,SLAY J.The evaluation of network anomaly detection systems:Statistical analysis of the UNSW-NB15data set and the comparison with the KDD99data set[J].Information Systems Security,2016,25(1-3):18-31.
[9]BOUVRIE J.Notes on convolutional neural networks[Z].Neural Networks,2006.
[10]SZEGEDY C,LIU W,JIA Y Q,et al.Going deeper with convolutions[C]//Proceedings of 2015IEEE Conference on Computer Vision and Pattern Recognition(CVPR).Boston,MA,USA:IEEE,2015:1-9.
[11]LIN M,CHEN Q,YAN S C.Network in network[Z].arXiv:1312.4400,2013.