Abstract
Intrusion detection is a technology that actively defends against malicious attacks in the network. Previous intrusion detection models had an insufficient recognition rate for unknown attacks because the intrinsic features of normal network traffic and unknown attacks were not sufficiently distinguishable. This paper designs an intrusion detection model (DCVAE-DPC) based on a discriminative conditional variational autoencoder and the density peak clustering algorithm. Using the ability of the discriminative conditional variational autoencoder to generate samples of a specified category, the model learns the latent space representation of normal network traffic features and calculates their reconstruction errors, which increases the feature discrimination between normal network traffic and unknown attacks; it then uses the density peak clustering algorithm to find the distribution of the reconstruction errors of normal network traffic, improving the recognition rate of unknown attacks. Experimental results show that on the NSL-KDD dataset, compared with state-of-the-art intrusion detection models, the classification accuracy of the model can reach 97.08%, and it has a higher ability to detect unknown attacks. Facing the current complex network environment, it has stronger intrusion detection performance.
Authors
李登辉
葛丽娜
王哲
樊景威
张壕
LI Denghui; GE Lina; WANG Zhe; FAN Jingwei; ZHANG Hao (School of Artificial Intelligence, Guangxi Minzu University, Nanning 530006, China; Guangxi Key Laboratory of Hybrid Computation and IC Design Analysis, Nanning 530006, China)
Source
《小型微型计算机系统》
CSCD
Peking University Core Journals (北大核心)
2024, Issue 4, pp. 998-1006 (9 pages)
Journal of Chinese Computer Systems
Funding
Supported by the National Natural Science Foundation of China (61862007)
Supported by the Guangxi Natural Science Foundation (t 2020GXNSFBA297103).
Keywords
intrusion detection
discriminative conditional variational autoencoder
density peak clustering algorithm
identifying unknown type attacks
fine-grained attack classification