Frontiers of Data and Computing ›› 2021, Vol. 3 ›› Issue (3): 59-74.
doi: 10.11871/jfdc.issn.2096-742X.2021.03.006
• Special Issue: Communication and Security of Network •
XIAO Jianping1,2, LONG Chun1,2,*, ZHAO Jing1, WEI Jinxia1, HU Anlei3, DU Guanyao1,2
Received: 2021-05-09
Online: 2021-06-20
Published: 2021-07-09
Contact: LONG Chun
E-mail: xiaojianping@cnic.cn; anquanip@cnic.cn; weijinxia@cnic.cn; huanlei@cnnic.cn; duguanyao@cnic.cn
XIAO Jianping,LONG Chun,ZHAO Jing,WEI Jinxia,HU Anlei,DU Guanyao. A Survey on Network Intrusion Detection Based on Deep Learning[J]. Frontiers of Data and Computing, 2021, 3(3): 59-74.
Table 1
Intrusion detection based on traditional machine learning
Reference | Traditional machine learning method | Data processing method | Feature selection/extraction | Dataset | Task type | Performance evaluation |
---|---|---|---|---|---|---|
[ | HMM | \ | Sequence sampling | Public and private datasets | Multi-class | \ |
[ | HMM, PCA | Data transmission, data normalization and feature extraction | \ | Kyoto 2006+ | Binary | Precision: 98.3%, ACC: 99.1%, Recall: 95.1% |
[ | KNN, Tree-Seed Algorithm (TSA) | Data normalization | KNN-TSA | KDD 99 | Binary | ACC: 87.34% |
[ | KNN, SVM | Data reduction, attack category conversion, data standardization | NBFS | KDD 99, NSL-KDD, Kyoto 2006+ | Multi-class | DR: KDD 99: 94.58% (DoS), 93.25% (R2L), 92.02% (U2R), 91.12% (Probe); NSL-KDD: 95.77% (DoS), 95.60% (R2L), 94.85% (U2R), 94.21% (Probe); Kyoto 2006+: 94.97% (DoS), 94.81% (R2L), 93.93% (U2R), 93.87% (Probe) |
[ | SVM | Zero-mean normalization | Compressed sampling | KDD 99 | Multi-class | DR: 99.01% (R2L), 98.39% (DoS); FPR: 1.13% (U2R), 0.94% (R2L) |
[ | PCA, SVM | Data numericalization, linear proportional transformation | PCA | KDD 99 | Multi-class | ACC: 99.93% (DoS), 98.6% (Probe); DR: 96.92% (all), 97.50% (R2L) |
[ | k-means, SVM | Logarithmic scaling | \ | KDD 99 | Multi-class | ACC: 95.75%; DR: 99.53% (DoS), 31.39% (R2L) |
[ | GMM | \ | \ | NSL-KDD | Binary | ACC: 94.28%, DR: 97.21%, FAR: 8.59% |
[ | PCA, IG, k-means | \ | k-means, information gain ratio | NSL-KDD | Binary | ACC: 90.48%, DR: 89.01%, FAR: 2.45% |
Table 2
Intrusion detection based on deep learning
Reference | Deep learning method | Data preprocessing method | Feature selection method | Dataset | Task type | Performance evaluation |
---|---|---|---|---|---|---|
[ | RNN | Feature numericalization and numeric normalization | RNN | NSL-KDD | Multi-class | Overall ACC: 99.16%, overall FAR: 0.34% |
[ | BLSTMRNN | Manual extraction of attack types | \ | UNSW-NB15 | Binary | ACC: 95.71%, Recall: 96%, f1-score: 98% |
[ | NDAE | Feature numericalization and numeric normalization | NDAE | KDD99 | Multi-class | Overall ACC: 97.85%, Recall: 97.85%, f1-score: 98.15% |
[ | DRBM | One-hot encoding | \ | KDD99 | Binary | ACC: 95% |
[ | DBN, GA | Min-Max normalization | GA | NSL-KDD | Multi-class | ACC: 99.37% (Probe), 99.45% (DoS), 98.68% (U2R), 97.78% (R2L); Recall: 99.4% (Probe), 99.7% (DoS), 98.2% (U2R), 93.4% (R2L) |
[ | CNN, AE | One-hot encoding, Min-Max normalization | PCA, AE, CNN | KDD 99 | Multi-class | ACC: 94%, DR: 93%, FAR: 0.5% |
[ | CNN | One-hot encoding, Min-Max normalization | \ | NSL-KDD | Multi-class | ACC: KDDTest+ 79.48%, KDDTest-21 60.71% |
[ | GAN | \ | \ | ADFA-LD | Binary | F-measure: 41.64%, AUC: 71.30% |
[1] | Analysis Report on China's Internet Network Security Monitoring Data in the First Half of 2020[EB/OL]. National Internet Emergency Center (CNCERT). [2021-05-08]. https://www.cert.org.cn/publish/main/upload/File/2020Report(2).pdf. |
[2] | Anderson JP. Computer security threat monitoring and surveillance[R]. Technical report, James P. Anderson Company, 1980. |
[3] | Denning D.E. An Intrusion-Detection Model[J]. IEEE Transactions on Software Engineering, 1987, 13(2):222-232. |
[4] | Lin Y., Zhang Y., Ou Y. The Design and Implementation of Host-Based Intrusion Detection System[C]. In: Proceedings of the 2010 Third International Symposium on Intelligent Information Technology and Security Informatics, 2010:595-598. |
[5] | Hamed T., Dara R., Kremer S.C. Network intrusion detection system based on recursive feature addition and bigram technique[J]. Computers & Security, 2018, 73:137-155. doi: 10.1016/j.cose.2017.10.011 |
[6] | Lippmann R., Haines J.W., Fried D.J., et al. Evaluating intrusion detection systems: The 1998 DARPA offline intrusion detection evaluation[C]. IEEE DARPA Inf. Surviv. Conf. Expo., 2000: 12-26. |
[7] | University of California Irvine, KDD repository. Stolfo S. J., KDD Cup 1999 Data Set, http://kdd.ics.uci.edu, Jun. 2014. |
[8] | Tavallaee M., Bagheri E., Lu W., Ghorbani AA. A detailed analysis of the KDD CUP 99 data set[C]. 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, 2009. 1-6. |
[9] | Shiravi A., Shiravi H., Tavallaee M., Ghorbani AA. Toward developing a systematic approach to generate benchmark datasets for intrusion detection[J]. Computers & Security, 2012, 31(3):357-374. doi: 10.1016/j.cose.2011.12.012 |
[10] | Moustafa N., Slay J. UNSW-NB15: A Comprehensive Data set for Network Intrusion Detection systems (UNSW-NB15 Network Data Set)[C]. Military Communications and Information Systems Conference (MilCIS), 2015: 1-6. |
[11] | Sharafaldin I., Lashkari A.H., Ghorbani A.A. Toward generating a new intrusion detection dataset and intrusion traffic characterization[C]. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy, 2018: 108-116. |
[12] | Ariu D., Tronci R., Giacinto G. HMMPayl: An intrusion detection system based on Hidden Markov Models[J]. Computers & Security, 2011, 30(4):221-241. doi: 10.1016/j.cose.2010.12.004 |
[13] | Xiao L., Wang H. Network Intrusion Detection Based on Hidden Markov Model and Conditional Entropy[J]. Information Sciences, 2019:509-519. |
[14] | Liang J.W., Ma M.D., Sadiq M., Yeung K.H. A filter model for intrusion detection system in Vehicle Ad Hoc Networks: A hidden Markov methodology[J]. Knowledge-Based Systems, 2019, 163:611-623. doi: 10.1016/j.knosys.2018.09.022 |
[15] | Chen F., Ye Z., Wang C., Yan L., Wang R. A Feature Selection Approach for Network Intrusion Detection Based on Tree-Seed Algorithm and K-Nearest Neighbor[C]. In: Proceedings of the 2018 IEEE 4th International Symposium on Wireless Systems within the International Conferences on Intelligent Data Acquisition and Advanced Computing Systems, 2018: 68-72. |
[16] | Saleh A.I., Talaat F.M., Labib L.M. A hybrid intrusion detection system (HIDS) based on prioritized k-nearest neighbors and optimized SVM classifiers[J]. Artificial Intelligence Review, 2019, 51(3):403-443. doi: 10.1007/s10462-017-9567-1 |
[17] | Chen S., Peng M., Xiong H., Yu X. SVM Intrusion Detection Model Based on Compressed Sampling[J]. Journal of Electrical and Computer Engineering, 2016, 2016:1-6. |
[18] | Qi Mingyu, Liu Ming, Fu Yanming. Research on SVM network intrusion detection based on PCA[J]. Netinfo Security, 2015, (02):15-18. |
[19] | Wang H.W., Gu J., Wang S.S. An effective intrusion detection framework based on SVM with feature augmentation[J]. Knowledge-Based Systems, 2017, 136:130-139. doi: 10.1016/j.knosys.2017.09.014 |
[20] | Aung Y.Y., Min M.M. Hybrid Intrusion Detection System using K-means and Classification and Regression Trees Algorithms[C]. In: Proceedings of the 2018 IEEE/ACIS 16th International Conference on Software Engineering Research, Management and Application, 2018: 195-199. |
[21] | Al-Yaseen W.L., Othman Z.A., Nazri M.Z.A. Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system[J]. Expert Systems with Applications, 2017, 67:296-303. doi: 10.1016/j.eswa.2016.09.041 |
[22] | Bitaab M., Hashemi S. Hybrid Intrusion Detection: Combining Decision Tree and Gaussian Mixture Model[C]. In: Proceedings of the 2017 14th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC), 2017: 8-12. |
[23] | Chapaneri R., Shah S. Multi-level Gaussian mixture modeling for detection of malicious network traffic[J]. Journal of Supercomputing, 2021, 77(5):4618-4638. doi: 10.1007/s11227-020-03447-z |
[24] | De La Hoz E., Ortiz A., Ortega J., Prieto B. PCA filtering and probabilistic SOM for network intrusion detection[J]. Neurocomputing, 2015, 164:71-81. doi: 10.1016/j.neucom.2014.09.083 |
[25] | Xu Mengfan, Li Xinghua, Liu Hai, Zhong Cheng, Ma Jianfeng. Intrusion detection scheme based on semi-supervised learning and information gain ratio[J]. Journal of Computer Research and Development, 2017, 54(10):2255-2267. |
[26] | Yao H.P., Fu D.Y., Zhang P.Y., Li M.Z., Liu Y.J. MSML: A Novel Multilevel Semi-Supervised Machine Learning Framework for Intrusion Detection System[J]. IEEE Internet of Things Journal, 2019, 6(2):1949-1959. doi: 10.1109/JIoT.6488907 |
[27] | LeCun Y., Bengio Y., Hinton G. Deep learning[J]. Nature, 2015, 521(7553):436-444. doi: 10.1038/nature14539 pmid: 26017442 |
[28] | Deng L., Yu D. Deep Learning: Methods and Applications[J]. Found Trends Signal Process, 2014, 7(3-4):197-387. |
[29] | Tang T.A., Mhamdi L., McLernon D., Zaidi S.A.R., Ghogho M. Deep Recurrent Neural Network for Intrusion Detection in SDN-based Networks[C]. In: Proceedings of the 2018 4th IEEE Conference on Network Softwarization and Workshops (NetSoft), 2018: 202-206. |
[30] | Suda H., Natsui M., Hanyu T. Systematic Intrusion Detection Technique for an In-vehicle Network Based on Time-Series Feature Extraction. In: Proceedings of the 2018 IEEE 48th International Symposium on Multiple-Valued Logic (ISMVL), 2018: 56-61. |
[31] | Yan Binghao, Han Guodong. Combinatorial intrusion detection model based on deep recurrent neural network and improved SMOTE algorithm[J]. Chinese Journal of Network and Information Security, 2018, 4(07):48-59. |
[32] | Hochreiter S., Schmidhuber J. Long short-term memory[J]. Neural Computation, 1997, 9(8):1735-1780. pmid: 9377276 |
[33] | Hou H.X., Xu Y.Y., Chen M.H., Liu Z., Guo W., Gao M.C., et al. Hierarchical Long Short-Term Memory Network for Cyberattack Detection[J]. IEEE Access, 2020, 8:90907-90913. doi: 10.1109/Access.6287639 |
[34] | Roy B., Cheung H. A Deep Learning Approach for Intrusion Detection in Internet of Things using Bi-Directional Long Short-Term Memory Recurrent Neural Network[C]. In: Proceedings of the 2018 28th International Telecommunication Networks and Applications Conference, 2018: 57-62. |
[35] | Xu C., Shen J., Du X., Zhang F. An Intrusion Detection System Using a Deep Neural Network With Gated Recurrent Units[J]. IEEE Access, 2018, 6:48697-48707. doi: 10.1109/ACCESS.2018.2867564 |
[36] | Shone N., Ngoc T.N., Phai V.D., Shi Q. A Deep Learning Approach to Network Intrusion Detection[J]. IEEE Transactions on Emerging Topics in Computational Intelligence, 2018, 2(1):41-50. |
[37] | Li X.K., Chen W., Zhang Q.R., Wu L.F. Building Auto-Encoder Intrusion Detection System based on random forest feature selection[J]. Computers & Security, 2020, 95:101851. doi: 10.1016/j.cose.2020.101851 |
[38] | Vartouni A.M., Kashi S.S., Teshnehlab M. An Anomaly Detection Method to Detect Web Attacks Using Stacked Auto-Encoder[C]. In: Proceedings of the 2018 6th Iranian Joint Congress on Fuzzy and Intelligent Systems, 2018: 131-134. |
[39] | Farahnakian F., Heikkonen J. A Deep Auto-Encoder based Approach for Intrusion Detection System[C]. In: Proceedings of the 2018 20th International Conference on Advanced Communication Technology, 2018: 178-183. |
[40] | Yang Y.Q., Zheng K.F., Wu B., Yang Y.X., Wang X.J. Network Intrusion Detection Based on Supervised Adversarial Variational Auto-Encoder With Regularization[J]. IEEE Access, 2020, 8:42169-42184. doi: 10.1109/Access.6287639 |
[41] | Fiore U., Palmieri F., Castiglione A., De Santis A. Network anomaly detection with the restricted Boltzmann machine[J]. Neurocomputing, 2013, 122:13-23. doi: 10.1016/j.neucom.2012.11.050 |
[42] | Aldwairi T., Perera D., Novotny M.A. An evaluation of the performance of Restricted Boltzmann Machines as a model for anomaly network intrusion detection[J]. Computer Networks, 2018, 144:111-119. doi: 10.1016/j.comnet.2018.07.025 |
[43] | Elsaeidy A., Munasinghe K.S., Sharma D., Jamalipour A. Intrusion detection in smart cities using Restricted Boltzmann Machines[J]. Journal of Network and Computer Applications, 2019, 135:76-83. |
[44] | Gao N., Gao L., Gao Q., Wang H. An Intrusion Detection Model Based on Deep Belief Networks[C]. In: Proceedings of the 2014 Second International Conference on Advanced Cloud and Big Data, 2014: 247-252. |
[45] | Zhang Y., Li P.S., Wang X.H. Intrusion Detection for IoT Based on Improved Genetic Algorithm and Deep Belief Network[J]. IEEE Access, 2019, 7:31711-31722. doi: 10.1109/ACCESS.2019.2903723 |
[46] | Xiao Y.H., Xing C., Zhang T.N., Zhao Z.K. An Intrusion Detection Model Based on Feature Reduction and Convolutional Neural Networks[J]. IEEE Access, 2019, 7:42210-42219. doi: 10.1109/Access.6287639 |
[47] | Naseer S., Saleem Y., Khalid S., Bashir M.K., Han J.H, Iqbal M.M., et al. Enhanced Network Anomaly Detection Based on Deep Neural Networks[J]. IEEE Access, 2018, 6:48231-48246. doi: 10.1109/ACCESS.2018.2863036 |
[48] | Wu KH, Chen ZG, Li W. A Novel Intrusion Detection Model for a Massive Network Using Convolutional Neural Networks[J]. IEEE Access, 2018, 6:50850-50859. doi: 10.1109/ACCESS.2018.2868993 |
[49] | Blanco R., Malagón P., Cilla J.J., Moya J.M. Multiclass Network Attack Classifier Using CNN Tuned with Genetic Algorithms[C]. In: Proceedings of the 2018 28th International Symposium on Power and Timing Modeling, Optimization and Simulation (PATMOS), 2018: 177-182. |
[50] | Zhang Yangyu, Lü Guanghong, Li Pengfei. Survey of deep learning methods for SDN network intrusion detection systems[J]. Journal of Computer Applications, 2019, 39(S2):147-151. |
[51] | Goodfellow I., Pouget-Abadie J., Mirza M., Xu B., Warde-Farley D., Ozair S., et al. Generative Adversarial Nets[C]. Advances in Neural Information Processing Systems, 2014: 2672-2680. |
[52] | Salem M., Taheri S., Yuan J.S. Anomaly Generation Using Generative Adversarial Networks in Host-Based Intrusion Detection[C]. In: Proceedings of the 2018 9th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), 2018: 683-687. |
[53] | Lin Z., Shi Y., Xue Z. IDSGAN: Generative Adversarial Networks for Attack Generation against Intrusion Detection[J]. arXiv preprint arXiv:1809.02077, 2018. |
[54] | Usama M., Asim M., Latif S., Qadir J., Ala Al F. Generative Adversarial Networks For Launching and Thwarting Adversarial Attacks on Network Intrusion Detection Systems[C]. In: Proceedings of the 2019 15th International Wireless Communications & Mobile Computing Conference, 2019: 78-83. |
[55] | Javaid A, Niyaz Q, Sun W, Alam M. A Deep Learning Approach for Network Intrusion Detection System[J]. EAI Endorsed Transactions on Security and Safety, 2016, 3(9):21-26. |
[56] | Cordero CG, Hauke S, Mühlhäuser M, Fischer M. Analyzing flow-based anomaly intrusion detection using Replicator Neural Networks[C]. In: Proceedings of the 2016 14th Annual Conference on Privacy, Security and Trust (PST), 2016: 317-324. |
[57] | Li D, Deng L, Lee M, Wang H. IoT data feature extraction and intrusion detection system for smart cities based on deep migration learning[J]. International Journal of Information Management, 2019, 49:533-545. doi: 10.1016/j.ijinfomgt.2019.04.006 |
[58] | Servin A., Kudenko D. Multi-agent Reinforcement Learning for Intrusion Detection[C]. In: Proceedings of the 7th European Symposium on Adaptive Agents and Multi-Agent Systems, 2007: 211-223. |