融合GRU和CNN的轻量级网络入侵检测模型

当前网络流量数据呈现出高维、多态、海量的特点, 这对入侵检测是一个新挑战. 针对传统入侵检测模型中检测效率低、缺乏轻量化考虑等局限性, 提出了一种融合GRU和CNN的轻量级网络入侵检测模型. 首先使用极度随机树删除数据集中的冗余特征; 其次使用GRU进行特征提取. 考虑到数据中的长短期依赖关系, 将所有隐藏层输出作为序列特征信息进行下一步处理; 再通过带有逆残差、深度可分离卷积、空洞卷积等结构的轻量化CNN模型进行空间特征提取; 为了加速模型收敛加入了通道注意力机制. 最后在CIC-IDS2017数据集上的实验表明, 该方法具有优秀的检测性能, 同时也具有模型参数量少、模型体积小、训练时间短、检测时间短等优点, 适用于网络流量的入侵检测工作.

Integrating GRU and CNN for Light-weighted Model in Network Intrusion Detection

Current network traffic data show high-dimensional, polymorphic, and massive characteristics, which is a new challenge for intrusion detection. In order to address the limitations of low detection efficiency and lack of lightweight consideration in traditional intrusion detection models, a lightweight network intrusion detection model incorporating GRU and CNN is proposed. Firstly, redundant features in the dataset are removed by using extremely randomized trees. Secondly, feature extraction is performed by using GRU. By taking into account the long and short-term dependencies in the data, all hidden layer outputs are treated as sequence feature information for the next step; then a lightweight CNN model with structures such as inverse residual, depthwise separable convolution, and dilated convolution are used for spatial feature extraction; a channel attention mechanism is added to accelerate model convergence. Finally, experiments on the CIC-IDS2017 dataset show that the method has excellent detection performance, as well as the advantages of few model parameters, small model size, short training time, and short detection time, which is suitable for intrusion detection of network traffic.