Frontiers of Data and Computing ›› 2021, Vol. 3 ›› Issue (3): 59-74. doi: 10.11871/jfdc.issn.2096-742X.2021.03.006

• Special Issue on Network Communication and Security •

A Survey on Network Intrusion Detection Based on Deep Learning

XIAO Jianping1,2, LONG Chun1,2,*, ZHAO Jing1, WEI Jinxia1, HU Anlei3, DU Guanyao1,2

  1. Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190, China
  2. School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing 101408, China
  3. China Internet Network Information Center, Beijing 100190, China
  • Received: 2021-05-09 Online: 2021-06-20 Published: 2021-07-09
  • Contact: LONG Chun
  • About the authors:
    XIAO Jianping is currently a postgraduate student at the Computer Network Information Center, Chinese Academy of Sciences. His research interests include security situation awareness and security big data analysis.
    In this paper, he is responsible for collecting references, analyzing and summarizing the related problems of intrusion detection, and the overall draft.
    E-mail: xiaojianping@cnic.cn
    LONG Chun, Ph.D., is a senior engineer at the Computer Network Information Center, Chinese Academy of Sciences. His current research interests include network security situation awareness, security big data analysis, and cloud computing security.
    In this paper, he is responsible for determining the overall writing approach and provides some of the references.
    E-mail: longchun@cnic.cn
    ZHAO Jing is a senior engineer at the Computer Network Information Center, Chinese Academy of Sciences. Her current research interests include network security situation awareness, security big data analysis, and cloud computing security.
    In this paper, she provides guidance on the writing approach.
    E-mail: jingzhao@cnic.cn
    WEI Jinxia is currently a senior engineer at the Computer Network Information Center, Chinese Academy of Sciences. Her current research interests include network security situation awareness, security big data analysis, and cloud computing security.
    In this paper, she provides writing guidance and literature guidance.
    E-mail: weijinxia@cnic.cn
    HU Anlei is a senior engineer at the China Internet Network Information Center. His current research interests include Internet basic resource security, network security situational awareness, and network security emergency response.
    In this paper, he gives clear suggestions on the related problems of deep learning.
    E-mail: huanlei@cnnic.cn
    DU Guanyao is currently a senior engineer at the Computer Network Information Center, Chinese Academy of Sciences. Her current research interests include network security situation awareness, security big data analysis, and cloud computing security.
    In this paper, she is responsible for the analysis of future development directions.
    E-mail: duguanyao@cnic.cn
  • Supported by:
    Preliminary Construction Project of the Chinese Academy of Sciences "14th Five-Year Plan" Cybersecurity and Informatization Special Program (WX145XQ10); Preliminary Construction Project of the Chinese Academy of Sciences "14th Five-Year Plan" Cybersecurity and Informatization Special Program (WX145XQ11)

Abstract:

[Objective] The rapid development of the Internet has brought great convenience to people's lives. However, malicious network attacks of various kinds are also increasing, and cyberspace is facing serious threats. Intrusion detection plays a key role in defending against network attacks. [Coverage] In recent years, deep learning methods have been widely used in the field of intrusion detection. In this paper, through an extensive literature survey, we select the latest research work in this field. [Methods] First, this paper introduces the current network security situation and summarizes the types, data sets, and evaluation methods of intrusion detection systems. Then, at the level of detection technology, it discusses intrusion detection based on traditional machine learning methods and intrusion detection based on deep learning. Finally, it looks ahead to future research directions for intrusion detection technology. [Results] Analysis and comparison show that intrusion detection systems based on deep learning methods usually have better performance. [Limitations] Due to the scope of the available literature, this article does not compare deep-learning-based intrusion detection methods in terms of the problems they solve. [Conclusions] Intrusion detection technologies based on deep learning have advantages in processing high-dimensional data, obtaining hidden information in data, and solving the problem of data imbalance in the network. In the future, they will be more and more widely used in the field of intrusion detection.

Key words: cyber security, intrusion detection, deep learning, machine learning