Frontiers of Data and Computing, 2021, Vol. 3, Issue (3): 59-74.
doi: 10.11871/jfdc.issn.2096-742X.2021.03.006
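XIAO Jianping1,2, LONG Chun1,2,*, ZHAO Jing1, WEI Jinxia1, HU Anlei3, DU Guanyao1,2
Received:
2021-05-09
Online:
2021-06-20
Published:
2021-07-09
Contact:
LONG Chun
About the author:
XIAO Jianping, Computer Network Information Center, Chinese Academy of Sciences; University of Chinese Academy of Sciences; master's student. Main research interests: security situational awareness and security big data analysis.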
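Abstract:
[Objective] The rapid development of the Internet has brought great convenience to people's lives, but network attacks of all kinds are also increasing, and cyberspace faces serious threats. Intrusion detection plays a key role in defending against network attacks. [Coverage] In recent years, deep learning methods have been widely applied in the field of intrusion detection. Through an extensive literature survey, this paper selects the latest research work in this field. [Methods] The paper first introduces the current network security situation and summarizes the types, datasets, and evaluation methods of intrusion detection systems. Then, at the level of detection techniques, it discusses intrusion detection based on traditional machine learning methods and intrusion detection based on deep learning. Finally, it looks ahead to future research directions for intrusion detection technology. [Results] Analysis and comparison show that intrusion detection systems based on deep learning methods generally perform better. [Limitations] Limited by the scope of the literature obtained, the problems addressed by deep-learning-based intrusion detection methods are not compared. [Conclusions] Intrusion detection based on deep learning has advantages in handling high-dimensional data, extracting hidden information from data, and addressing data imbalance in networks, and it will be applied more and more widely in the field of intrusion detection in the future.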
XIAO Jianping,LONG Chun,ZHAO Jing,WEI Jinxia,HU Anlei,DU Guanyao. A Survey on Network Intrusion Detection Based on Deep Learning[J]. Frontiers of Data and Computing, 2021, 3(3): 59-74.
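Table 1
Intrusion detection based on traditional machine learning
Reference | Traditional machine learning method | Data processing method | Feature selection/extraction | Dataset | Task type | Performance evaluation |
---|---|---|---|---|---|---|
[ | HMM | \ | Sequence sampling | Public and private datasets | Multi-class | \ |
[ | HMM, PCA | Data transmission, data normalization, and feature extraction | \ | Kyoto 2006+ | Binary | Precision: 98.3%, ACC: 99.1%, Recall: 95.1% |
[ | KNN, Tree-Seed Algorithm (TSA) | Data normalization | KNN-TSA | KDD 99 | Binary | ACC: 87.34% |
[ | KNN, SVM | Data reduction, attack category conversion, data standardization | NBFS | KDD 99, NSL-KDD, Kyoto 2006+ | Multi-class | DR: KDD 99: 94.58% (DOS), 93.25% (R2L), 92.02% (U2R), 91.12% (Probe); NSL-KDD: 95.77% (DOS), 95.60% (R2L), 94.85% (U2R), 94.21% (Probe); Kyoto2006+: 94.97% (DOS), 94.81% (R2L), 93.93% (U2R), 93.87% (Probe) |
[ | SVM | Zero-mean normalization | Compressed sampling | KDD 99 | Multi-class | DR: 99.01% (R2L), 98.39% (Dos); FPR: 1.13% (U2R), 0.94% (R2L) |
[ | PCA, SVM | Data numericalization, linear proportional transformation | PCA | KDD 99 | Multi-class | ACC: 99.93% (DoS), 98.6% (Probe); DR: 96.92% (all), 97.50% (R2L) |
[ | k-means, SVM | Logarithmic scaling | \ | KDD 99 | Multi-class | ACC: 95.75%; DR: 99.53% (Dos), 31.39% (R2L) |
[ | GMM | \ | \ | NSL-KDD | Binary | ACC: 94.28%, DR: 97.21%, FAR: 8.59% |
[ | PCA, IG, k-means | \ | k-means, information gain ratio | NSL-KDD | Binary | ACC: 90.48%, DR: 89.01%, FAR: 2.45% |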
Table 1
Intrusion detection based on deep learning
Reference | Deep learning method | Data preprocessing method | Feature selection method | Dataset | Task type | Performance evaluation |
---|---|---|---|---|---|---|
[ | RNN | Feature numericalization and numeric normalization | RNN | NSL-KDD | Multi-class | Overall ACC: 99.16%, overall FAR: 0.34% |
[ | BLSTMRNN | Manual extraction of attack types | \ | UNSW-NB15 | Binary | ACC: 95.71%, Recall: 96%, f1-score: 98% |
[ | NDAE | Feature numericalization and numeric normalization | NDAE | KDD99 | Multi-class | Overall ACC: 97.85%, Recall: 97.85%, f1-score: 98.15% |
[ | DRBM | One-hot encoding | \ | KDD99 | Binary | ACC: 95% |
[ | DBN, GA | Min-Max normalization | GA | NSL-KDD | Multi-class | ACC: 99.37% (Probe), 99.45% (DoS), 98.68% (U2R), 97.78% (R2L); Recall: 99.4% (Probe), 99.7% (DoS), 98.2% (U2R), 93.4% (R2L) |
[ | CNN, AE | One-hot encoding, Min-Max normalization | PCA, AE, CNN | KDD 99 | Multi-class | ACC: 94%, DR: 93%, FAR: 0.5% |
[ | CNN | One-hot encoding, Min-Max normalization | \ | NSL-KDD | Multi-class | ACC: KDDTest+ 79.48%, KDDTest-21 60.71% |
[ | GAN | \ | \ | ADFA-LD | Binary | F-measure: 41.64%, AUC: 71.30% |
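[1] | Analysis report on China's Internet network security monitoring data for the first half of 2020[EB/OL]. National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT).[2021-05-08]. https://www.cert.org.cn/publish/main/upload/File/2020Report(2).pdf. |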
[2] | Anderson JP. Computer security threat monitoring and surveillance[R]. Technical report, James P. Anderson Company, 1980. |
[3] | Denning D.E. An Intrusion-Detection Model[J]. IEEE Transactions on Software Engineering, 1987, 13(2):222-232. |
[4] | Lin Y., Zhang Y., Ou Y. The Design and Implementation of Host-Based Intrusion Detection System[C]. In: Proceedings of the 2010 Third International Symposium on Intelligent Information Technology and Security Informatics, 2010:595-598. |
[5] | Hamed T., Dara R., Kremer S.C. Network intrusion detection system based on recursive feature addition and bigram technique[J]. Computers & Security, 2018, 73:137-155. doi: 10.1016/j.cose.2017.10.011 |
[6] | Lippmann R., Haines J.W., Fried D.J., et al. Evaluating intrusion detection systems: The 1998 DARPA offline intrusion detection evaluation[C]. IEEE DARPA Inf. Surviv. Conf. Expo., 2000: 12-26. |
[7] | University of California Irvine, KDD repository. Stolfo S. J., KDD Cup 1999 Data Set, http://kdd.ics.uci.edu, Jun. 2014. |
[8] | Tavallaee M., Bagheri E., Lu W., Ghorbani AA. A detailed analysis of the KDD CUP 99 data set[C]. 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, 2009. 1-6. |
[9] | Shiravi A., Shiravi H., Tavallaee M., Ghorbani AA. Toward developing a systematic approach to generate benchmark datasets for intrusion detection[J]. Computers & Security, 2012, 31(3):357-374. doi: 10.1016/j.cose.2011.12.012 |
[10] | Moustafa N., Slay J. UNSW-NB15: A Comprehensive Data set for Network Intrusion Detection systems (UNSW-NB15 Network Data Set)[C]. Military Communications and Information Systems Conference (MilCIS), 2015: 1-6. |
[11] | Sharafaldin I., Lashkari A.H., Ghorbani A.A. Toward generating a new intrusion detection dataset and intrusion traffic characterization[C]. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy, 2018: 108-116. |
[12] | Ariu D., Tronci R., Giacinto G. HMMPayl: An intrusion detection system based on Hidden Markov Models[J]. Computers & Security, 2011, 30(4):221-241. doi: 10.1016/j.cose.2010.12.004 |
[13] | Xiao L., Wang H. Network Intrusion Detection Based on Hidden Markov Model and Conditional Entropy[J]. Information Sciences, 2019:509-519. |
[14] | Liang J.W., Ma M.D., Sadiq M., Yeung K.H. A filter model for intrusion detection system in Vehicle Ad Hoc Networks: A hidden Markov methodology[J]. Knowledge-Based Systems, 2019, 163:611-623. doi: 10.1016/j.knosys.2018.09.022 |
[15] | Chen F., Ye Z., Wang C., Yan L., Wang R. A Feature Selection Approach for Network Intrusion Detection Based on Tree-Seed Algorithm and K-Nearest Neighbor[C]. In: Proceedings of the 2018 IEEE 4th International Symposium on Wireless Systems within the International Conferences on Intelligent Data Acquisition and Advanced Computing Systems, 2018: 68-72. |
[16] | Saleh A.I., Talaat F.M., Labib L.M. A hybrid intrusion detection system (HIDS) based on prioritized k-nearest neighbors and optimized SVM classifiers[J]. Artificial Intelligence Review, 2019, 51(3):403-443. doi: 10.1007/s10462-017-9567-1 |
[17] | Chen S., Peng M., Xiong H., Yu X. SVM Intrusion Detection Model Based on Compressed Sampling[J]. Journal of Electrical and Computer Engineering, 2016, 2016:1-6. |
[18] | Qi Mingyu, Liu Ming, Fu Yanming. Research on SVM network intrusion detection based on PCA[J]. Netinfo Security, 2015, (02):15-18. |
[19] | Wang H.W., Gu J., Wang S.S. An effective intrusion detection framework based on SVM with feature augmentation[J]. Knowledge-Based Systems, 2017, 136:130-139. doi: 10.1016/j.knosys.2017.09.014 |
[20] | Aung Y.Y., Min M.M. Hybrid Intrusion Detection System using K-means and Classification and Regression Trees Algorithms[C]. In: Proceedings of the 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, 2018: 195-199. |
[21] | Al-Yaseen W.L., Othman Z.A., Nazri M.Z.A. Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system[J]. Expert Systems with Applications, 2017, 67:296-303. doi: 10.1016/j.eswa.2016.09.041 |
[22] | Bitaab M., Hashemi S. Hybrid Intrusion Detection: Combining Decision Tree and Gaussian Mixture Model[C]. In: Proceedings of the 2017 14th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC), 2017: 8-12. |
[23] | Chapaneri R., Shah S. Multi-level Gaussian mixture modeling for detection of malicious network traffic[J]. Journal of Supercomputing, 2021, 77(5):4618-4638. doi: 10.1007/s11227-020-03447-z |
[24] | De La Hoz E., Ortiz A., Ortega J., Prieto B. PCA filtering and probabilistic SOM for network intrusion detection[J]. Neurocomputing, 2015, 164:71-81. doi: 10.1016/j.neucom.2014.09.083 |
[25] | Xu Mengfan, Li Xinghua, Liu Hai, Zhong Cheng, Ma Jianfeng. An intrusion detection scheme based on semi-supervised learning and information gain ratio[J]. Journal of Computer Research and Development, 2017, 54(10):2255-2267. |
[26] | Yao H.P., Fu D.Y., Zhang P.Y., Li M.Z., Liu Y.J. MSML: A Novel Multilevel Semi-Supervised Machine Learning Framework for Intrusion Detection System[J]. IEEE Internet of Things Journal, 2019, 6(2):1949-1959. doi: 10.1109/JIoT.6488907 |
[27] | LeCun Y., Bengio Y., Hinton G. Deep learning[J]. Nature, 2015, 521(7553):436-444. doi: 10.1038/nature14539 pmid: 26017442 |
[28] | Deng L., Yu D. Deep Learning: Methods and Applications[J]. Found Trends Signal Process, 2014, 7(3-4):197-387. |
[29] | Tang T.A., Mhamdi L., McLernon D., Zaidi S.A.R., Ghogho M. Deep Recurrent Neural Network for Intrusion Detection in SDN-based Networks[C]. In: Proceedings of the 2018 4th IEEE Conference on Network Softwarization and Workshops (NetSoft), 2018: 202-206. |
[30] | Suda H., Natsui M., Hanyu T. Systematic Intrusion Detection Technique for an In-vehicle Network Based on Time-Series Feature Extraction. In: Proceedings of the 2018 IEEE 48th International Symposium on Multiple-Valued Logic (ISMVL), 2018: 56-61. |
[31] | Yan Binghao, Han Guodong. Combinatorial intrusion detection model based on deep recurrent neural network and improved SMOTE algorithm[J]. Chinese Journal of Network and Information Security, 2018, 4(07):48-59. |
[32] | Hochreiter S., Schmidhuber J. Long short-term memory[J]. Neural Computation, 1997, 9(8):1735-1780. pmid: 9377276 |
[33] | Hou H.X., Xu Y.Y., Chen M.H., Liu Z., Guo W., Gao M.C., et al. Hierarchical Long Short-Term Memory Network for Cyberattack Detection[J]. IEEE Access, 2020, 8:90907-90913. doi: 10.1109/Access.6287639 |
[34] | Roy B., Cheung H. A Deep Learning Approach for Intrusion Detection in Internet of Things using Bi-Directional Long Short-Term Memory Recurrent Neural Network[C]. In: Proceedings of the 2018 28th International Telecommunication Networks and Applications Conference, 2018: 57-62. |
[35] | Xu C., Shen J., Du X., Zhang F. An Intrusion Detection System Using a Deep Neural Network With Gated Recurrent Units[J]. IEEE Access, 2018, 6:48697-48707. doi: 10.1109/ACCESS.2018.2867564 |
[36] | Shone N., Ngoc T.N., Phai V.D., Shi Q. A Deep Learning Approach to Network Intrusion Detection[J]. IEEE Transactions on Emerging Topics in Computational Intelligence, 2018, 2(1):41-50. |
[37] | Li X.K., Chen W., Zhang Q.R., Wu L.F. Building Auto-Encoder Intrusion Detection System based on random forest feature selection[J]. Computers & Security, 2020, 95:101851. doi: 10.1016/j.cose.2020.101851 |
[38] | Vartouni A.M., Kashi S.S., Teshnehlab M. An Anomaly Detection Method to Detect Web Attacks Using Stacked Auto-Encoder[C]. In: Proceedings of the 2018 6th Iranian Joint Congress on Fuzzy and Intelligent Systems, 2018: 131-134. |
[39] | Farahnakian F., Heikkonen J. A Deep Auto-Encoder based Approach for Intrusion Detection System[C]. In: Proceedings of the 2018 20th International Conference on Advanced Communication Technology, 2018: 178-183. |
[40] | Yang Y.Q., Zheng K.F., Wu B., Yang Y.X., Wang X.J. Network Intrusion Detection Based on Supervised Adversarial Variational Auto-Encoder With Regularization[J]. IEEE Access, 2020, 8:42169-42184. doi: 10.1109/Access.6287639 |
[41] | Fiore U., Palmieri F., Castiglione A., De Santis A. Network anomaly detection with the restricted Boltzmann machine[J]. Neurocomputing, 2013, 122:13-23. doi: 10.1016/j.neucom.2012.11.050 |
[42] | Aldwairi T., Perera D., Novotny M.A. An evaluation of the performance of Restricted Boltzmann Machines as a model for anomaly network intrusion detection[J]. Computer Networks, 2018, 144:111-119. doi: 10.1016/j.comnet.2018.07.025 |
[43] | Elsaeidy A., Munasinghe K.S., Sharma D., Jamalipour A. Intrusion detection in smart cities using Restricted Boltzmann Machines[J]. Journal of Network and Computer Applications, 2019, 135:76-83. |
[44] | Gao N., Gao L., Gao Q., Wang H. An Intrusion Detection Model Based on Deep Belief Networks[C]. In: Proceedings of the 2014 Second International Conference on Advanced Cloud and Big Data, 2014: 247-252. |
[45] | Zhang Y., Li P.S., Wang X.H. Intrusion Detection for IoT Based on Improved Genetic Algorithm and Deep Belief Network[J]. IEEE Access, 2019, 7:31711-31722. doi: 10.1109/ACCESS.2019.2903723 |
[46] | Xiao Y.H., Xing C., Zhang T.N., Zhao Z.K. An Intrusion Detection Model Based on Feature Reduction and Convolutional Neural Networks[J]. IEEE Access, 2019, 7:42210-42219. doi: 10.1109/Access.6287639 |
[47] | Naseer S., Saleem Y., Khalid S., Bashir M.K., Han J.H, Iqbal M.M., et al. Enhanced Network Anomaly Detection Based on Deep Neural Networks[J]. IEEE Access, 2018, 6:48231-48246. doi: 10.1109/ACCESS.2018.2863036 |
[48] | Wu KH, Chen ZG, Li W. A Novel Intrusion Detection Model for a Massive Network Using Convolutional Neural Networks[J]. IEEE Access, 2018, 6:50850-50859. doi: 10.1109/ACCESS.2018.2868993 |
[49] | Blanco R., Malagón P., Cilla J.J., Moya J.M. Multiclass Network Attack Classifier Using CNN Tuned with Genetic Algorithms[C]. In: Proceedings of the 2018 28th International Symposium on Power and Timing Modeling, Optimization and Simulation (PATMOS), 2018: 177-182. |
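[50] | Zhang Yangyu, Lü Guanghong, Li Pengfei. Survey of deep learning methods for SDN network intrusion detection systems[J]. Journal of Computer Applications, 2019, 39(S2):147-151. |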
[51] | Goodfellow I., Pouget-Abadie J., Mirza M., Xu B., Warde-Farley D., Ozair S., et al. Generative Adversarial Nets[C]. Advances in Neural Information Processing Systems, 2014: 2672-2680. |
[52] | Salem M., Taheri S., Yuan J.S. Anomaly Generation Using Generative Adversarial Networks in Host-Based Intrusion Detection[C]. In: Proceedings of the 2018 9th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), 2018: 683-687. |
[53] | Lin Z., Shi Y., Xue Z. IDSGAN: Generative Adversarial Networks for Attack Generation against Intrusion Detection[J]. arXiv preprint arXiv:1809.02077, 2018. |
[54] | Usama M., Asim M., Latif S., Qadir J., Ala Al F. Generative Adversarial Networks For Launching and Thwarting Adversarial Attacks on Network Intrusion Detection Systems[C]. In: Proceedings of the 2019 15th International Wireless Communications & Mobile Computing Conference, 2019: 78-83. |
[55] | Javaid A, Niyaz Q, Sun W, Alam M. A Deep Learning Approach for Network Intrusion Detection System[J]. EAI Endorsed Transactions on Security and Safety, 2016, 3(9):21-26. |
[56] | Cordero CG, Hauke S, Mühlhäuser M, Fischer M. Analyzing flow-based anomaly intrusion detection using Replicator Neural Networks[C]. In: Proceedings of the 2016 14th Annual Conference on Privacy, Security and Trust (PST), 2016: 317-324. |
[57] | Li D, Deng L, Lee M, Wang H. IoT data feature extraction and intrusion detection system for smart cities based on deep migration learning[J]. International Journal of Information Management, 2019, 49:533-545. doi: 10.1016/j.ijinfomgt.2019.04.006 |
[58] | Servin A., Kudenko D. Multi-agent Reinforcement Learning for Intrusion Detection[C]. In: Proceedings of the 7th European Symposium on Adaptive Agents and Multi-Agent Systems, 2007: 211-223. |