Received: February 25, 2018; Revised: March 19, 2018
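Abstract (translated from Chinese): Most existing algorithms that combine misuse detection and anomaly detection are built as composite or ensemble models. These approaches usually require training more than one basic model, which makes the learning process complex. This paper proposes an intrusion detection model based on an end-to-end memory neural network that uses domain knowledge to assist the classification of network behavior data while training the model end to end to reduce learning complexity. The model includes a matching module and a blending module so that relevant attack knowledge items can assist the classification module. In addition to the detection result, the model outputs explainable information about that result. The dataset is normalized, and attack knowledge items are extracted from it to assist classification. Experimental results show that domain knowledge plays a good auxiliary role in classification and that the model achieves high detection accuracy.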
Abstract: There are different methods that combine misuse and anomaly detection for intrusion detection. However, most of them consist of more than one basic model, which complicates the learning process. In this paper, we present an effective, low-complexity intrusion detection method based on the end-to-end memory network, which classifies network behavior data by taking advantage of domain knowledge. A matching module and a blending module are designed in our model to ensure that relevant knowledge items take effect in the classification module. Furthermore, additional output is provided with the detection result as explainable reference information. Data pre-processing is done using data normalization, and knowledge items about attacks are selected from the dataset. Experimental results show that the domain knowledge plays a positive role in the model and that the proposed method performs well on intrusion detection.
Citation:
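高筱娴, 龙春, 魏金侠, 赵静, 宋丹劼. Explainable intrusion detection model based on an end-to-end memory neural network. 计算机系统应用 (Computer Systems Applications), 2018, 27(10):170-176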
GAO Xiao-Xian, LONG Chun, WEI Jin-Xia, ZHAO Jing, SONG Dan-Jie. Explainable Intrusion Detection Model Based on End-to-End Memory Network. COMPUTER SYSTEMS APPLICATIONS, 2018, 27(10):170-176