当前位置:
X-MOL 学术
›
IEEE Access
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Multi-Channel Deep Feature Learning for Intrusion Detection
IEEE Access ( IF 3.9 ) Pub Date : 2020-01-01 , DOI: 10.1109/access.2020.2980937 Giuseppina Andresini , Annalisa Appice , Nicola Di Mauro , Corrado Loglisci , Donato Malerba
IEEE Access ( IF 3.9 ) Pub Date : 2020-01-01 , DOI: 10.1109/access.2020.2980937 Giuseppina Andresini , Annalisa Appice , Nicola Di Mauro , Corrado Loglisci , Donato Malerba
Networks had an increasing impact on modern life since network cybersecurity has become an important research field. Several machine learning techniques have been developed to build network intrusion detection systems for correctly detecting unforeseen cyber-attacks at the network-level. For example, deep artificial neural network architectures have recently achieved state-of-the-art results. In this paper a novel deep neural network architecture is defined, in order to learn flexible and effective intrusion detection models, by combining an unsupervised stage for multi-channel feature learning with a supervised one exploiting feature dependencies on cross channels. The aim is to investigate whether class-specific features of the network flows could be learned and added to the original ones in order to increase the model accuracy. In particular, in the unsupervised stage, two autoencoders are separately learned on normal and attack flows, respectively. As the top layer in the decoder of these autoencoders reconstructs samples in the same space as the input one, they could be used to define two new feature vectors allowing the representation of each network flow as a multi-channel sample. In the supervised stage, a multi-channel parametric convolution is adopted, in order to learn the effect of each channel on the others. In particular, as the samples belong to two different distributions (normal and attack flows), the samples labelled as normal should be more similar to the representation reconstructed with the normal autoencoder than that of the attack one, and viceversa. This expected dependency will be exploited to better disentangle the differences between normal and attack flows. The proposed neural network architecture leads to better predictive accuracy when compared to competitive intrusion detection architectures on three benchmark datasets.
中文翻译:
用于入侵检测的多通道深度特征学习
由于网络网络安全已成为一个重要的研究领域,网络对现代生活的影响越来越大。已经开发了几种机器学习技术来构建网络入侵检测系统,以便在网络级别正确检测不可预见的网络攻击。例如,深度人工神经网络架构最近取得了最先进的结果。在本文中,通过将多通道特征学习的无监督阶段与利用跨通道特征依赖的监督阶段相结合,定义了一种新颖的深度神经网络架构,以学习灵活有效的入侵检测模型。目的是研究是否可以学习网络流的特定于类的特征并将其添加到原始特征中以提高模型准确性。特别是,在无监督阶段,两个自动编码器分别在正常和攻击流上学习。由于这些自动编码器解码器的顶层在与输入相同的空间中重建样本,因此它们可用于定义两个新的特征向量,允许将每个网络流表示为多通道样本。在监督阶段,采用多通道参数卷积,以了解每个通道对其他通道的影响。特别是,由于样本属于两个不同的分布(正常和攻击流),标记为正常的样本应该更类似于使用正常自动编码器重建的表示而不是攻击的表示,反之亦然。将利用这种预期的依赖性来更好地解决正常流和攻击流之间的差异。
更新日期:2020-01-01
中文翻译:
用于入侵检测的多通道深度特征学习
由于网络网络安全已成为一个重要的研究领域,网络对现代生活的影响越来越大。已经开发了几种机器学习技术来构建网络入侵检测系统,以便在网络级别正确检测不可预见的网络攻击。例如,深度人工神经网络架构最近取得了最先进的结果。在本文中,通过将多通道特征学习的无监督阶段与利用跨通道特征依赖的监督阶段相结合,定义了一种新颖的深度神经网络架构,以学习灵活有效的入侵检测模型。目的是研究是否可以学习网络流的特定于类的特征并将其添加到原始特征中以提高模型准确性。特别是,在无监督阶段,两个自动编码器分别在正常和攻击流上学习。由于这些自动编码器解码器的顶层在与输入相同的空间中重建样本,因此它们可用于定义两个新的特征向量,允许将每个网络流表示为多通道样本。在监督阶段,采用多通道参数卷积,以了解每个通道对其他通道的影响。特别是,由于样本属于两个不同的分布(正常和攻击流),标记为正常的样本应该更类似于使用正常自动编码器重建的表示而不是攻击的表示,反之亦然。将利用这种预期的依赖性来更好地解决正常流和攻击流之间的差异。
京公网安备 11010802027423号