An anomalous traffic detection method based on a convolutional neural network with LSTM
Information Technology and Network Security, Issue 7
Chen Xieyuan
(National Computer Network and Information Security Management Center, Beijing 100032)
Abstract: Traditional machine learning methods depend on hand-crafted feature extraction, and suffer from low detection accuracy and an inability to handle unknown attack types such as 0-day vulnerability exploitation. To address this, an anomalous traffic detection method is proposed based on a hybrid of Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) networks. It fully exploits the structured characteristics of attack traffic, extracts the spatiotemporal features of traffic data, and improves the performance of the anomalous traffic detection system. Experimental results on the CIC-IDS2017 dataset show that the detection accuracy for each of several anomalous traffic types exceeds 96.9% and the overall accuracy reaches 98.8%, higher than other machine learning algorithms, while maintaining a very low false alarm rate.
CLC number: TP393.08
Document code: A
DOI: 10.19358/j.issn.2096-5133.2021.07.007
Citation format: Chen Xieyuan. An anomalous traffic detection method based on a convolutional neural network with LSTM [J]. Information Technology and Network Security, 2021, 40(7): 42-46.
Network intrusion detection based on convolutional neural networks with LSTM
Chen Xieyuan
(National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), Beijing 100032, China)
Abstract: Traditional machine learning methods rely on hand-crafted feature extraction and suffer from low accuracy and an inability to deal with unknown types of attacks such as 0-day vulnerability exploitation. This paper proposes a hybrid algorithm based on Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) networks to fully exploit the structural characteristics of attack traffic, extract the spatiotemporal characteristics of traffic data, and improve the performance of the abnormal traffic detection system. The experimental results show that on the CIC-IDS2017 data set the detection accuracy for each of several abnormal traffic types is above 96.9% and the overall accuracy reaches 98.8%, higher than other machine learning algorithms, while maintaining a very low false alarm rate.
Key words: network intrusion detection; Convolutional Neural Networks (CNN); Long Short-Term Memory (LSTM); deep learning
0 Introduction
The wide application of information technology and the rise of cyberspace have greatly promoted economic and social prosperity, but have also brought new security risks and challenges. Network security threats have escalated from information eavesdropping, tampering and virus propagation to newer forms such as high-intensity DDoS attacks, 0-day vulnerability exploitation and APT attacks; the resulting large-scale data breaches and the rapid growth of the cybercrime industry seriously harm the rights of information system operators and the privacy of users [1]. All information transmission and interaction in cyberspace is carried by traffic, so detecting anomalous traffic in order to discover network anomalies and attack behaviour in time is of great significance for strengthening network security emergency response capability and safeguarding cyberspace security [2].
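The abstract describes a two-stage pipeline (a CNN stage that extracts spatial structure from each flow's feature vector, followed by an LSTM stage over consecutive flows) and reports per-class accuracy, overall accuracy and false alarm rate on CIC-IDS2017. The following block is an added illustration written for this page, not the paper's code: it implements a minimal CNN+LSTM forward pass in NumPy, a sliding-window builder for flow tables, and the three metrics computed from a confusion matrix. The feature count, window length, kernel width, channel and hidden sizes, the three-class label set and all weights are assumed placeholder values (the weights are random and untrained), so the predictions themselves carry no meaning; the metric function is exact and is what a practitioner would use to reproduce the kind of numbers the abstract quotes.

```python
import numpy as np

# Added illustration, not the paper's implementation: a tiny CNN+LSTM forward
# pass over sequences of flow-feature vectors (CIC-IDS2017-style rows), plus the
# accuracy / false-alarm metrics the abstract reports. All sizes and weights are
# assumed placeholders; the classifier is untrained.

N_FEATURES = 8      # assumed number of per-flow features (CIC-IDS2017 has ~80)
SEQ_LEN = 5         # assumed number of consecutive flows fed to the LSTM
KERNEL = 3          # assumed 1-D convolution width over the feature vector
CHANNELS = 4        # assumed number of convolution filters
HIDDEN = 6          # assumed LSTM hidden size
N_CLASSES = 3       # constructed label set: 0 = benign, 1 = DoS, 2 = port scan

rng = np.random.default_rng(7)
PARAMS = {  # random, untrained weights (assumed)
    "conv_w": rng.normal(0, 0.3, (KERNEL, CHANNELS)),
    "conv_b": np.zeros(CHANNELS),
    "Wx": rng.normal(0, 0.3, (CHANNELS, 4 * HIDDEN)),
    "Wh": rng.normal(0, 0.3, (HIDDEN, 4 * HIDDEN)),
    "b": np.zeros(4 * HIDDEN),
    "Wout": rng.normal(0, 0.3, (HIDDEN, N_CLASSES)),
    "bout": np.zeros(N_CLASSES),
}

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

def conv_features(flow, w, b):
    """Spatial stage: 1-D convolution + ReLU across one flow's feature vector,
    then global max-pooling, giving one CHANNELS-long descriptor per flow."""
    k, c = w.shape
    positions = len(flow) - k + 1
    out = np.empty((positions, c))
    for p in range(positions):
        out[p] = flow[p:p + k] @ w + b          # (k,) @ (k, c) -> (c,)
    return np.maximum(out, 0.0).max(axis=0)

def lstm_last_hidden(seq, Wx, Wh, b):
    """Temporal stage: standard LSTM recurrence over the sequence of flow
    descriptors, returning the final hidden state."""
    hidden = Wh.shape[0]
    h = np.zeros(hidden)
    c = np.zeros(hidden)
    for x_t in seq:
        gates = x_t @ Wx + h @ Wh + b
        i, f, g, o = np.split(gates, 4)        # input, forget, cell, output gates
        c = sigmoid(f) * c + sigmoid(i) * np.tanh(g)
        h = sigmoid(o) * np.tanh(c)
    return h

def classify_window(window, params=PARAMS):
    """window: (SEQ_LEN, N_FEATURES) consecutive flows -> class probabilities."""
    window = np.asarray(window, dtype=float)
    descriptors = np.stack([conv_features(f, params["conv_w"], params["conv_b"])
                            for f in window])
    h = lstm_last_hidden(descriptors, params["Wx"], params["Wh"], params["b"])
    logits = h @ params["Wout"] + params["bout"]
    probs = np.exp(logits - logits.max())     # numerically stable softmax
    return probs / probs.sum()

def sliding_windows(flows, seq_len=SEQ_LEN):
    """Turn a chronologically ordered flow table into overlapping windows of
    seq_len flows; the label of a window is that of its last flow."""
    return [flows[i - seq_len + 1:i + 1] for i in range(seq_len - 1, len(flows))]

def detection_metrics(y_true, y_pred, n_classes=N_CLASSES, benign=0):
    """Overall accuracy, per-class accuracy (recall), and false alarm rate
    (benign windows flagged as any attack class), from a confusion matrix."""
    cm = np.zeros((n_classes, n_classes), dtype=int)
    for t, p in zip(y_true, y_pred):
        cm[t, p] += 1
    overall = np.trace(cm) / cm.sum()
    per_class = {k: cm[k, k] / cm[k].sum() for k in range(n_classes) if cm[k].sum()}
    false_alarm = (cm[benign].sum() - cm[benign, benign]) / cm[benign].sum()
    return overall, per_class, false_alarm

if __name__ == "__main__":
    # Constructed flow table: 12 flows x 8 features, already normalised to [0, 1].
    flows = rng.random((12, N_FEATURES))
    preds = [int(np.argmax(classify_window(w))) for w in sliding_windows(flows)]
    print("predicted class per window:", preds)
    # Constructed labels and predictions to show the metric definitions.
    y_true = [0] * 10 + [1] * 5 + [2] * 5
    y_pred = [0] * 9 + [2] + [1] * 5 + [2] * 4 + [0]
    print(detection_metrics(y_true, y_pred))
```

The metric function deliberately reports the false alarm rate as benign windows labelled as any attack class, separately from per-class accuracy, because a model can score well on overall accuracy while still flagging a large share of benign flows on a class-imbalanced dataset like CIC-IDS2017; both numbers are needed to judge whether a detector is usable in an operations setting.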
Full text of this paper: http://forexkbc.com/resource/share/2000003676