Unsupervised Network Intrusion Detection Method Based on Ensemble Learning

Network confrontation places growing demands on the intelligence and autonomy of intrusion detection. Deep learning-based methods can distinguish complex attack patterns and behaviors through training and learning, but supervised learning requires expert knowledge and a large amount of manual effort. To address these problems, this paper proposes an unsupervised network intrusion detection method based on ensemble learning. It uses deep learning detectors built on three different anomaly detection concepts and combines the results of the individual detectors under three different integration logics to reach the final detection decision. The method can comprehensively analyze different types of anomalies in time series data, reduce the impact of overfitting on unsupervised anomaly detection models, and detect potential network attack data streams in an efficient online manner. Experiments are conducted on the KDD CUP 1999 and CSE-CIC-IDS 2018 datasets. The results show that, compared with other single unsupervised anomaly detection models, the proposed ensemble method combines the advantages of different unsupervised detection models and is suitable for detecting anomalies caused by multiple kinds of network intrusion.

intrusion detection system; anomaly detection; unsupervised deep learning; ensemble learning

Jiang Rong (江荣), Liu Haitian (刘海天), Liu Cong (刘聪)

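College of Computer Science and Technology, National University of Defense Technology, Changsha 410073

Information Center, Logistic Support Department of the Central Military Commission, Beijing 100842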

National Natural Science Foundation of China (62072131); National Key Research and Development Program of China (2022YFB3104103)

2024

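Netinfo Security (信息网络安全)
The Third Research Institute of the Ministry of Public Security; Computer Security Professional Committee of the China Computer Federation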

CSTPCD; CHSSCD; Peking University Core Journals
Impact factor: 0.814
ISSN: 1671-1122
Year, volume (issue): 2024, 24(3)