基于Focal Loss和卷积神经网络的入侵检测

摘要/Abstract

摘要： 入侵检测是信息安全防护领域中的一个重要环节。随着网络技术的发展，主动防御网络入侵变得越来越重要，同时入侵数据变得更加海量、复杂和不平衡，这导致传统的入侵检测技术的检测性能比较低，因此如何提高入侵检测系统的性能对于不平衡数据集的检测性能是一项巨大的挑战。传统的CNN模型对于处理复杂的数据具有很好的性能，但是在处理不平衡数据集上的效果不是很好。为了解决这个问题，提出一种基于Focal Loss和卷积神经网络的入侵检测方法。与传统的卷积神经网络不同，该模型利用Focal Loss损失函数来解决数据不平衡问题，并在卷积层加入正则化方法（DropBlock）用来提高模型的泛化能力。采用KDD 99数据集进行的实验表明，该模型入侵检测的准确率和精确率比传统的入侵检测模型有所提高。

关键词: 入侵检测, 网络安全, 卷积神经网络, 正则化, 不平衡数据集, Focal Loss

Abstract: Intrusion detection is an important link in the field of information security protection. With the development of network technology, the active defense against network intrusions becomes more and more important, and intrusion data becomes more massive, complex, and unbalanced, which leads to the detection performance of the traditional intrusion detection technology is relatively low, so how to improve the detection performance of the intrusion detection system for unbalanced data sets is a huge challenge. The traditional CNN model has a good performance for processing complex data, but its effect of dealing with imbalanced data set is not very good. In order to solve this problem, an intrusion detection method based on Focal Loss and convolutional neural network is proposed. Different from traditional convolutional neural network, this model uses the Focal Loss function to solve the data imbalance problem, and in the convolutional layer, a regularization method (DropBlock) is added to improve the generalization ability of the model. Experiments of using KDD 99 data set show that the accuracy and precision of intrusion detection of this model are improved compared with the traditional intrusion detection model.

Key words: intrusion detection, network security, convolutional neural network, regularization, imbalanced data set, Focal Loss

闫芮铵, 张立臣. 基于Focal Loss和卷积神经网络的入侵检测[J]. 计算机与现代化, 2021, 0(01): 65-69.

YAN Rui-an, ZHANG Li-chen. Intrusion Detection Based on Focal Loss and Convolutional Neural Network[J]. Computer and Modernization, 2021, 0(01): 65-69.

参考文献［25］

［1］	池亚平,凌志婷,王志强,等. 基于支持向量机与Adaboost的入侵检测系统［J］. 计算机工程, 2019,45(10):183-188.
［2］	ANDERSON J P. Computer Security Threat Monitoring and Surveillance［R］. Technical Report James P Anderson Co Fort Washington Pa, 1980.
［3］	李鹏,周文欢. 基于K-means和决策树的混合入侵检测算法［J］. 计算机与现代化, 2017(12):12-16.
［4］	ZHENG K, CAI Z P, ZHANG X, et al. Algorithms to speedup pattern matching for network intrusion detection systems［J］. Computer Communications, 2015,62:47-58.
［5］	TAO P Y, SUN Z, SUN Z X. An improved intrusion detection algorithm based on GA and SVM［J］. IEEE Access, 2018,6:13624-13631.
［6］	KUANG F J, XU W H, ZHANG S Y. A novel hybrid KPCA and SVM with GA model for intrusion detection［J］. Applied Soft Computing, 2014,18:178-184.
［7］	董超，周刚，刘玉娇等. 基于改进的Adaboost算法在网络入侵检测中的应用［J］. 四川大学学报（自然科学版）, 2015,52(6):1225-1229.
［8］	刘明川,彭长生. 基于机器学习的入侵检测研究［J］. 计算机工程与设计, 2008,29(11):2736-2738.
［9］	SALAMA M A, EID H F, RAMADAN R A, et al. Hybrid intelligent intrusion detection scheme［M］// Soft Computing in Industrial Applications. springer, 2011:293-303.
［10］	JIA Y, WANG M, WANG Y G. Network intrusion detection algorithm based on deep neural network［J］. IET Information Security, 2019,13(1):48-53.
［11］	LECUN Y, BOSER B, DENKER J S, et al. Backpropagation applied to handwritten zip code recognition［J］. Neural Computation, 1989,1(4):541-551.
［12］	LECUN Y, BOTTOU L, BENGIO Y, et al. Gradient-based learning applied to document recognition［J］. Proceedings of the IEEE, 1998,86(11):2278-2324.
［13］	BOUVRIE J. Notes on Convolutional Neural Networks［DB/OL］. (2006-11-22)［2020-03-30］.http://cogprints.org/5869/1/cnn_tutorial.pdf.
［14］	SZEGEDY C, LIU W, JIA Y Q, et al. Going deeper with convolutions［C］// Proceedings of the 2015 IEEE Conference on Computer Vision and Pattern Recognition. 2015:1-9.
［15］	HE K M, ZHANG X Y, REN S Q, et al. Deep residual learning for image recognition［C］// Proceedings of the 2016 IEEE Conference on Computer Vision and Pattern Recognition. 2016:770-778.
［16］	GIRSHICK R, DONAHUE J, DARRELL T, et al. Rich feature hierarchies for accurate object detection and semantic segmentation［C］// Proceedings of the 2014 IEEE Conference on Computer Vision and Pattern Recognition. 2014:580-587.
［17］	GIRSHICK R. Fast R-CNN［C］// Proceedings of the 2015 IEEE International Conference on Computer Vision. 2015:1440-1448.
［18］	REN S Q, HE K M, GIRSHICK R, et al. Faster R-CNN: Towards real-time object detection with region proposal networks［J］. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2017,39(6):1137-1149.
［19］	王明,李剑. 基于卷积神经网络的网络入侵检测系统［J］. 信息安全研究， 2017,3(11):990-994.
［20］	KWON D, NATARAJAN K, SUH S C, et al. An empirical study on network anomaly detection using convolutional neural networks［C］// Proceedings of the 2018 IEEE 38th International Conference on Distributed Computing Systems. 2018:1595-1598.
［21］	KIM J, SHIN N, JO S Y, et al. Method of intrusion detection using deep neural network［C］// Proceedings of the 2017 IEEE International Conference on Big Data and Smart Computing. 2017:313-316.
［22］	张思聪,谢晓尧,徐洋. 基于dCNN的入侵检测方法［J］. 清华大学学报(自然科学版), 2019,59(1):44-52.
［23］	LIN T Y, GOYAL P, GIRSHICK R, et al. Focal Loss for dense object detection［C］// Proceedings of the IEEE International Conference on Computer Vision. 2017:2999-3007.
［24］	SRIVASTAVA N, HINTON G, KRIZHEVSKY A, et al. Dropout: A simple way to prevent neural networks from overfitting［J］. The Journal of Machine Learning Research, 2014,15(1):1929-1958.
［25］	GHIASI G, LIN T Y, LE Q V. DropBlock: A regularization method for convolutional networks［C］// Proceedings of the 32nd Conference on Neural Information Processing Systems. 2018:10750-10760.

[1]	周成诚, 曾庆军, 杨康, 胡家铭, 韩春伟. 基于高效通道注意力模块的运动想象脑电识别[J]. 计算机与现代化, 2023, 0(12): 19-23.
[2]	刘付琪, 张达, 宋建华, 王海东. 基于CNN-BiLSTM的液压系统故障诊断[J]. 计算机与现代化, 2023, 0(09): 10-19.
[3]	吴甜, 刘海华, 童顺延. 基于深度反馈的卷积神经网络的图像分类[J]. 计算机与现代化, 2023, 0(09): 82-86.
[4]	孙子雨, 任燃, 魏曦哲. 基于DTW-TCN的股票分类及预测研究[J]. 计算机与现代化, 2023, 0(08): 31-37.
[5]	江蕾, 唐建, 杨超越, 吕婷婷. 基于CWGAN-GP与CNN的轴承故障诊断方法[J]. 计算机与现代化, 2023, 0(07): 1-6.
[6]	许叶彤, 耿信哲, 赵伟强, 张月, 宁海龙, 雷涛. 基于CNN-Transformer混合结构的遥感影像变化检测模型[J]. 计算机与现代化, 2023, 0(07): 79-85.
[7]	朱剑波, 葛明锋, 董文飞. 基于改进EfficientNet的阿尔兹海默症图像分类[J]. 计算机与现代化, 2023, 0(06): 56-61.
[8]	刘甲甲, 胡旭欣, 余萍. 聚合多维注意力特征的单目深度估计方法[J]. 计算机与现代化, 2023, 0(06): 76-81.
[9]	刘静, 陈金广. 基于通道注意力和Transformer的图像标题生成方法[J]. 计算机与现代化, 2023, 0(05): 8-12.
[10]	王欣怡, 尹四清, 洪军. 融合注意力机制的非对称深度监督哈希[J]. 计算机与现代化, 2023, 0(05): 26-31.
[11]	苏金库, 桂智明. 基于时空特征的短时出租车流量预测[J]. 计算机与现代化, 2023, 0(05): 32-38.
[12]	杨骏, 王劲林, 倪宏, 盛益强, . 工控网络异常检测中基于灵敏度的动态迁移算法[J]. 计算机与现代化, 2023, 0(05): 46-51.
[13]	王娟, 李传庚, 张卿源, 夏承遗. 基于Multiscale-Net的膝关节半月板分割方法[J]. 计算机与现代化, 2023, 0(05): 111-116.
[14]	王磊, 张晓东, 戴欢. 基于1D-CNN-LSTM注意力网络的抽油机井故障诊断[J]. 计算机与现代化, 2023, 0(04): 1-6.
[15]	徐涯昕, 何泽恩, 徐绪堪. 基于CNN-BiLSTM网络的数控机床故障文本自动分类[J]. 计算机与现代化, 2023, 0(04): 7-14.