时空感知入侵检测模型

2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) Pub Date : 2020-12-01 DOI:10.1109/TrustCom50675.2020.00058

Xueying Han, Rongchao Yin, Zhigang Lu, Bo Jiang, Yuling Liu, Song Liu, Chonghua Wang, Ning Li

{"title":"时空感知入侵检测模型","authors":"Xueying Han, Rongchao Yin, Zhigang Lu, Bo Jiang, Yuling Liu, Song Liu, Chonghua Wang, Ning Li","doi":"10.1109/TrustCom50675.2020.00058","DOIUrl":null,"url":null,"abstract":"Network intrusion detection plays a critical role in cyberspace security. Most existing conventional detection methods mostly rely on manually-designed features to detect intrusion behaviours from large-scale flow data. Recent studies show that deep learning-based methods are effective for network intrusion detection due to the ability to learn discriminative features from data automatically. However, these models ignore the problem of the irregular time intervals between packets in a flow, causing the degradation of detection performance. To this end, we propose a Spatial and Temporal Aware Intrusion Detection model (STIDM). The proposed STIDM model first uses a one-dimensional Convolutional Neural Network (1D-CNN) to extract spatial features based on the nature of flow and packet. Then we design a Time and Length sensitive LSTM (TL-LSTM) method to learn richer temporal features from the irregular flows. The two parts are trained simultaneously to achieve global optimum. Through extensive experiments on the ISCX2012 dataset and the CICIDS2017 dataset, we demonstrate that STIDM outperforms state-of-the-art models.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"STIDM: A Spatial and Temporal Aware Intrusion Detection Model\",\"authors\":\"Xueying Han, Rongchao Yin, Zhigang Lu, Bo Jiang, Yuling Liu, Song Liu, Chonghua Wang, Ning Li\",\"doi\":\"10.1109/TrustCom50675.2020.00058\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Network intrusion detection plays a critical role in cyberspace security. Most existing conventional detection methods mostly rely on manually-designed features to detect intrusion behaviours from large-scale flow data. Recent studies show that deep learning-based methods are effective for network intrusion detection due to the ability to learn discriminative features from data automatically. However, these models ignore the problem of the irregular time intervals between packets in a flow, causing the degradation of detection performance. To this end, we propose a Spatial and Temporal Aware Intrusion Detection model (STIDM). The proposed STIDM model first uses a one-dimensional Convolutional Neural Network (1D-CNN) to extract spatial features based on the nature of flow and packet. Then we design a Time and Length sensitive LSTM (TL-LSTM) method to learn richer temporal features from the irregular flows. The two parts are trained simultaneously to achieve global optimum. Through extensive experiments on the ISCX2012 dataset and the CICIDS2017 dataset, we demonstrate that STIDM outperforms state-of-the-art models.\",\"PeriodicalId\":221956,\"journal\":{\"name\":\"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TrustCom50675.2020.00058\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TrustCom50675.2020.00058","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

摘要

网络入侵检测在网络空间安全中起着至关重要的作用。现有的传统检测方法大多依靠人工设计特征来检测大规模流量数据中的入侵行为。近年来的研究表明，基于深度学习的方法能够自动从数据中学习判别特征，是有效的网络入侵检测方法。然而，这些模型忽略了流中数据包之间的不规则时间间隔问题，导致检测性能下降。为此，我们提出了一个时空感知入侵检测模型(STIDM)。提出的STIDM模型首先使用一维卷积神经网络(1D-CNN)根据流和包的性质提取空间特征。然后，我们设计了一种时间和长度敏感LSTM (TL-LSTM)方法，从不规则流中学习更丰富的时间特征。同时训练两个部分以达到全局最优。通过对ISCX2012数据集和CICIDS2017数据集的大量实验，我们证明了STIDM优于最先进的模型。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

STIDM: A Spatial and Temporal Aware Intrusion Detection Model

Network intrusion detection plays a critical role in cyberspace security. Most existing conventional detection methods mostly rely on manually-designed features to detect intrusion behaviours from large-scale flow data. Recent studies show that deep learning-based methods are effective for network intrusion detection due to the ability to learn discriminative features from data automatically. However, these models ignore the problem of the irregular time intervals between packets in a flow, causing the degradation of detection performance. To this end, we propose a Spatial and Temporal Aware Intrusion Detection model (STIDM). The proposed STIDM model first uses a one-dimensional Convolutional Neural Network (1D-CNN) to extract spatial features based on the nature of flow and packet. Then we design a Time and Length sensitive LSTM (TL-LSTM) method to learn richer temporal features from the irregular flows. The two parts are trained simultaneously to achieve global optimum. Through extensive experiments on the ISCX2012 dataset and the CICIDS2017 dataset, we demonstrate that STIDM outperforms state-of-the-art models.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

自引率

0.00%

发文量