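Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications, 2021, Vol. 44, Issue (5): 94-100. doi: 10.13190/j.jbupt.2021-007

• Research Report •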

Internal-External Convolutional Networks for Network Intrusion Detection

WANG Yi-fei1, MO Shuang2, WU Wen-rui2, FAN Shao-hua2, XIAO Ding2

  1. State Grid Jibei Information and Telecommunication Company, Beijing 100054, China;
  2. School of Computer Science (National Pilot Software Engineering School), Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 2021-07-07 Online: 2021-10-28 Published: 2021-09-06
  • Corresponding author: XIAO Ding (born 1966), male, lecturer. E-mail: dxiao@bupt.edu.cn
  • About the author: WANG Yi-fei (born 1988), female, engineer.
  • Funding:
    Research project on key technologies for data fusion and visualization based on a full-service unified data center (52018E18006N)

Abstract: Network intrusion detection, an important research topic in network security, distinguishes normal from abnormal network behavior by analyzing traffic characteristics in order to detect intrusion traffic. To address the complex feature extraction process and insufficient information extraction of existing intrusion detection models, an intrusion detection model based on internal and external convolutional networks is proposed. First, a one-dimensional convolutional neural network is used to extract the internal features of the traffic data. Then, an undirected homogeneous graph is obtained by computing the similarity of the internal features. In addition, the communication behavior of the traffic on the external network side is modeled as a directed heterogeneous graph, and a graph convolutional network is applied to the two graphs to learn embeddings that capture the multiple interactive behaviors of network traffic. Finally, the learned flow embeddings are fed into a classifier for the final classification. Experimental results show that the proposed model achieves better detection accuracy and false alarm rate than the compared models.

Key words: intrusion detection, deep learning, graph convolutional network, convolutional neural network

CLC number:
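The internal-graph step of the abstract (similarity graph over per-flow features, followed by graph convolution) can be sketched as follows. This is an added example, not the authors' code: the cosine measure, the 0.9 threshold, the parameter-free propagation (no learned weights or nonlinearity), the function names and the feature vectors, which stand in for 1D-CNN outputs, are all assumptions; the abstract does not specify them.

```python
import math

def cosine(u, v):
    """Cosine similarity of two feature vectors (0.0 if either is all zeros)."""
    dot = sum(a * b for a, b in zip(u, v))
    norm = math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v))
    return dot / norm if norm else 0.0

def similarity_graph(feats, threshold):
    """Undirected homogeneous graph: edge i-j when flows i and j are similar enough."""
    n = len(feats)
    adj = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            if cosine(feats[i], feats[j]) >= threshold:
                adj[i][j] = adj[j][i] = 1.0
    return adj

def gcn_propagate(adj, feats):
    """One graph-convolution step without weights: D^-1/2 (A + I) D^-1/2 X."""
    n = len(adj)
    a_hat = [[adj[i][j] + (1.0 if i == j else 0.0) for j in range(n)]
             for i in range(n)]
    deg = [sum(row) for row in a_hat]  # >= 1 because of the self-loop
    out = []
    for i in range(n):
        row = [0.0] * len(feats[0])
        for j in range(n):
            w = a_hat[i][j] / math.sqrt(deg[i] * deg[j])
            for k, x in enumerate(feats[j]):
                row[k] += w * x
        out.append(row)
    return out

# Constructed sample: five flows with 2-dimensional "internal" features.
# Flows 0-1 and 2-3 form two similar pairs; flow 4 resembles neither.
FLOWS = [[1.0, 0.0], [0.9, 0.1], [0.0, 1.0], [0.1, 0.9], [0.7, 0.7]]
ADJ = similarity_graph(FLOWS, threshold=0.9)  # threshold is an assumption
EMB = gcn_propagate(ADJ, FLOWS)

if __name__ == "__main__":
    for i, (row, emb) in enumerate(zip(ADJ, EMB)):
        print(i, row, [round(x, 3) for x in emb])
```

Each connected flow's embedding becomes the average of its own and its neighbour's features, while the isolated flow keeps its original vector because only its self-loop contributes.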