Research on the Network Intrusion Detection Based on RNN and Attention Mechanism (基于RNN和注意力机制的网络入侵检测方法研究)
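【Author】 Wang Jie (王杰);
【Advisor】 Lin Yun (林云);
【Author information】 Harbin Engineering University, Information and Communication Engineering, 2020, Master's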
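【Abstract, translated from the Chinese】 The rapid development of Internet technology has greatly changed people's lives and promoted social progress. With the advance of the "Internet Plus" strategy and the maturing of the "AIoT" concept and its applications, Internet-related devices and technologies have gradually been integrated into every industry. However, network intrusions are becoming increasingly complex and attack methods more diverse, and network security has received more attention. Intrusion detection is an important means of network security protection and can actively detect potential intrusions in the network. Traditional intrusion detection systems, however, can no longer cope with the current complex network environment, and many problems have gradually emerged, including low detection accuracy, poor real-time performance and insufficient adaptability. To improve detection accuracy and reduce missed and false detections, this thesis proposes a wired-network intrusion detection method based on recurrent neural networks and attention mechanisms. The main contents are as follows: (1) A stacked sparse autoencoder and recurrent neural network detection model is studied. To address the high dimensionality and feature redundancy of network traffic data, a stacked sparse autoencoder is used to reduce the data dimension, and sparse representation improves the model's generalization ability. Different recurrent unit variants are then used to process the reduced-dimension data, and the performance differences between models at different timesteps are studied. On the UNSW-NB15 dataset, the bidirectional gated recurrent unit network method with 8 timesteps reaches a detection accuracy of 98.17%, outperforming mainstream detection models such as gradient boosted trees and deep feedforward neural networks, and improving by 2.46% over the classic bidirectional long short-term memory network, which demonstrates the effectiveness and cutting-edge nature of the proposed model. (2) An intrusion detection model based on a hierarchical attention mechanism is studied. Building on the preceding study, the gated recurrent unit is selected, and a feature-level attention layer and a slice-level attention layer are added on top of it. The feature-level attention mechanism helps address the differing contributions of the features within a sample, while the slice-level attention makes effective use of data from multiple timesteps. On the UNSW-NB15 dataset, the detection accuracy of this hierarchical attention model reaches 98.76% at 10 timesteps, better than mainstream methods such as autoencoders, deep feedforward neural networks and one-class support vector machines, and 3.05% higher than the classic bidirectional long short-term memory network. (3) Attention probabilities are used to visualize the weights of features and timesteps. The weights given to different features and to data from different timesteps when the current traffic is examined for intrusions are visualized and analysed, which helps deepen understanding and mastery of the data. In summary, this thesis adopts a wired-network intrusion detection method based on recurrent neural networks and attention mechanisms, which improves intrusion detection accuracy and is of great significance.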
【Abstract】 The rapid development of Internet technology has greatly changed people's lives and promoted social progress. In addition, under the "Internet Plus" strategy, Internet-related equipment and technologies have gradually been integrated into different fields. However, the use of new technologies to conduct intrusion attacks has become increasingly complex and diversified, making network security issues more and more serious. An intrusion detection system is a powerful tool for network security protection and can actively detect potential intrusions in the network. Unfortunately, traditional intrusion detection systems cannot effectively deal with the current complex network environment. The problems that have gradually been exposed include low detection accuracy, high latency, and poor adaptability. An intrusion detection model with excellent performance is urgently needed. This paper intends to build an intrusion detection model based on deep recurrent neural networks and the attention mechanism. The main contents are as follows: (1) An SSAE-RNN intrusion detection model is presented. To solve the problem of high data dimensionality, the Stacked Sparse Autoencoder (SSAE) is applied for data preprocessing. After that, different recurrent neuron variants are adopted for further feature extraction, and the influence of different timesteps is studied. Experiments are conducted on the UNSW-NB15 dataset, and the detection accuracy of our SSAE-RNN model can reach 98.17%, which is a 2.46% improvement over the traditional BiLSTM network. In addition, the proposed model is better than mainstream detection models such as gradient boosted trees and deep feedforward neural networks, which demonstrates the effectiveness and cutting-edge nature of the proposed model. (2) Based on the former experiments, the BiGRU could serve as a proper baseline model for further research. The attention mechanism is introduced into the former model, and an intrusion detection model named HABG is built on a hierarchical attention mechanism. Two different kinds of attention mechanism are adopted: the feature-based attention helps make sense of the contribution of different features, and the slice-based attention helps make good use of the data at different timesteps. As a result, the HABG model can reach a detection accuracy of 98.76% on the UNSW-NB15 dataset, an improvement of 3.05% over the traditional BiLSTM model. In addition, HABG outperforms mainstream methods such as autoencoder, GBT, and OCSVM. (3) Visualization of the attention probabilities is completed. With the help of the feature-based and slice-based attention mechanisms, the attention probabilities are plotted on a map, which shows the different contributions of the features and the different importance of each timestep. Visualization analysis can help to better understand the characteristics of the features and make good use of the data. All in all, the work in this paper is of great significance for the current intrusion detection problem. Based on deep recurrent neural networks and the attention mechanism, the proposed approaches can strengthen the ability to detect anomalous traffic data.
【Key words】 Intrusion detection; Recurrent neural network; Auto-encoder; Attention mechanism; Visualization;