Systems Engineering and Electronics ›› 2022, Vol. 44 ›› Issue (12): 3850-3862. doi: 10.12305/j.issn.1001-506X.2022.12.31

• Communications and Networks •

Intrusion traffic detection and identification based on ADASYN and improved residual network

Xibo TANG1, Limin ZHANG1, Zhaogen ZHONG2,*

  1. Department of Information Fusion, Naval Aviation University, Yantai 264001, China
  2. School of Aviation Basis, Naval Aviation University, Yantai 264001, China
  • Received: 2021-08-30 Online: 2022-11-14 Published: 2022-11-24
  • Contact: Zhaogen ZHONG
  • About the authors: Xibo TANG (born 1998), male, master's student, main research interest: protocol analysis techniques | Limin ZHANG (born 1966), male, professor, Ph.D., main research interests: satellite signal processing and applications | Zhaogen ZHONG (born 1984), male, associate professor, Ph.D., main research interests: spread-spectrum signal processing and channel coding identification techniques
  • Funding:
    Major Research Plan of the National Natural Science Foundation of China (91538201); Taishan Scholar Project Special Fund (Ts201511020); Foundation of the Key Laboratory of Information System Security Technology (6142111190404)

Abstract:

To address the low classification accuracy and insufficient small-sample feature extraction of existing intrusion traffic detection models, an improved residual network algorithm based on adaptive synthetic (ADASYN) sampling and Inception-Resnet modules is proposed. The algorithm optimizes the sampling of unbalanced data sets and effectively improves the model's small-sample feature extraction ability. First, the unbalanced training set is oversampled to improve the data distribution; then the non-data part is one-hot encoded and integrated with the data part, which reduces the complexity of preprocessing. Finally, the improved residual network model is trained on the data, and performance evaluation and an algorithm efficiency comparison are carried out. The experimental results show that the detection accuracy of the improved residual network model on intrusion traffic reaches 89.40% and 91.88% in the multi-class and binary classification cases, respectively. Compared with classical deep learning algorithms, the improved residual network model has higher accuracy and a lower false alarm rate, and offers high reliability and engineering application value.

Key words: intrusion traffic detection, residual neural network, adaptive synthetic sampling, unbalanced dataset
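The ADASYN oversampling step named in the abstract, as an added example (not the authors' code), showing how minority records that sit among majority traffic receive most of the synthetic samples. The two-feature flow vectors, the labels `attack`/`normal`, the parameter names, and the choice to draw interpolation partners from minority-only neighbours are assumptions of this example.

```python
import math
import random

def adasyn(X, y, minority, k=3, beta=1.0, seed=0):
    """Return (synthetic minority samples, samples generated per minority point)."""
    rng = random.Random(seed)
    mino = [i for i, lab in enumerate(y) if lab == minority]
    G = int((len(y) - 2 * len(mino)) * beta)   # (majority - minority) * beta
    if G <= 0 or len(mino) < 2:
        return [], [0] * len(mino)

    def nearest(i, pool, n):
        # the n indices in `pool` closest to X[i], excluding i itself
        return sorted((j for j in pool if j != i),
                      key=lambda j: math.dist(X[i], X[j]))[:n]

    # r_i: fraction of majority-class points among the k nearest neighbours of x_i
    r = [sum(y[j] != minority for j in nearest(i, range(len(X)), k)) / k
         for i in mino]
    total = sum(r)
    # Normalise r_i into a density; uniform fallback if no point borders the majority
    w = [ri / total for ri in r] if total else [1 / len(mino)] * len(mino)
    counts = [round(wi * G) for wi in w]       # g_i: samples to synthesise around x_i

    synthetic = []
    for i, g in zip(mino, counts):
        partners = nearest(i, mino, k)         # assumption: minority-only neighbours
        for _ in range(g):
            z, lam = X[rng.choice(partners)], rng.random()
            synthetic.append([a + lam * (b - a) for a, b in zip(X[i], z)])
    return synthetic, counts

# Constructed sample: two scaled numeric flow features per record (not from the paper).
X = ([[0.0, 0.0], [0.1, 0.0], [0.0, 0.1], [0.1, 0.1],    # attack: tight cluster
      [0.4, 0.4], [1.0, 1.0]]                            # attack: border, inside normal
     + [[0.5, 0.4], [1.2, 1.0]]                          # normal
     + [[1 + dx, 1 + dy] for dx in (-0.1, 0.0, 0.1)      # normal: ring around (1, 1)
        for dy in (-0.1, 0.0, 0.1) if (dx, dy) != (0.0, 0.0)])
y = ["attack"] * 6 + ["normal"] * 10

if __name__ == "__main__":
    samples, counts = adasyn(X, y, "attack")
    print(counts)       # per-point g_i, in minority order
    for s in samples:
        print([round(v, 3) for v in s])
```

Interpolation only makes sense on numeric columns, so this operates on the numeric features alone; categorical fields would be handled by the one-hot encoding step the abstract describes.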
