【摘要】 为使得网络入侵检测模型在不破坏已学样本知识的情况下,具有对新增网络流量数据自适应学习的能力,提出一种基于增量式多核卷积神经网络的(iMSCNN)的入侵检测方法。该方法首先完成多核卷积神经网络(MSCNN)模型的训练,实现对原始网络流量数据局部特征的提取与拼接;然后,对模型进行受控处理,冻结受控单元中参数的更新;接着,为模型中每个卷积层设置线性转化器(LC)作为增量学习过程中的可训练参数,通过线性转化器中较少的参数完成对新增网络流量的学习,实现入侵检测模型的更新;最后,利用所得的增量式入侵检测模型完成对异常网络流量的识别与检测。实验结果验证了此入侵检测方法的有效性,表明此增量式卷积神经网络模型能够保留所学旧知识的同时,提高学习新增知识的效率。更多还原

【Abstract】 In order to make the network intrusion detection model have the ability of self-adaptive learning for new network traffic data without destroying the learned performance,this paper proposed an intrusion detection method based on incremental Multi-Scale Convolution Neural Network(iMSCNN). Firstly,by training the parameters in the Multi-Scale Convolution Neural Network(MSCNN)model,the local features of the original network traffic data were extracted and spliced. Then the model was controlled,and the update of parameters in the controlled element was frozen. Next,the Linear Converter(LC)was set for each convolution layer as the trainable parameter in the incremental learning process,and the new network traffic was learned by the fewer parameters in the LC,so that the intrusion detection model was updated.Finally,the abnormal network traffic was identified and detected by the iMSCNN intrusion detection model. The experimental results verify the effectiveness of the proposed method,and show that this incremental intrusion detection method can retain the performance to learned knowledge and improve the efficiency of learning new knowledge.更多还原