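Abstract
With new types of network attacks continually emerging, the network-based intrusion detection system (NIDS) has become an indispensable protection mechanism in network security. To improve the accuracy and real-time performance of intrusion detection, this article proposes a NIDS based on packet sequence features and a deep learning model. First, a packet parsing algorithm analyzes packet headers and payload data to extract packet sequence features. Next, an image construction algorithm encodes the temporal relationships among the packets in the feature set, creating RGB images for the forward and backward features of the same flow; by taking the directionality and temporal correlation of packet features into account, abnormal communication patterns are identified and network intrusions are detected early. Finally, an intrusion detection model based on the Vision Transformer (ViT) is developed, which associates image patches through the self-attention mechanism and uses an improved layered focal loss function to address data imbalance and reduce the influence of outliers on the model, further improving detection performance. Experimental results on public NIDS datasets show that, across different attack types, the malicious-traffic detection accuracy of the proposed method exceeds 98% (up to 100%); compared with existing NIDS, its detection performance is better than that of the other methods compared. As the complexity and diversity of network intrusions continue to increase, the proposed method offers better performance and higher detection accuracy and will help further improve network security.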
With the continuous emergence of new network attacks, network-based intrusion detection systems (NIDS) have become an indispensable protection mechanism in network security. To enhance the accuracy and real-time performance of intrusion detection, a NIDS based on packet sequence representation and deep learning model is proposed. Firstly, packet headers and payload data were analyzed using a packet parsing algorithm to effectively extract packet sequence features. Subsequently, an image construction algorithm was employed to encode the temporal relationships within the feature set of packets, creating RGB images for the forward and backward features of the same flow. Finally, an intrusion detection model based on ViT was developed to perform intrusion detection based on image classification results, and the layered focal loss function was employed within the ViT model to improve classification performance and address data imbalance issues. Experimental results on public NIDS datasets demonstrate that the proposed system significantly enhances intrusion detection performance compared to existing NIDS, achieving a high detection rate of 98% (up to 100%). Given the increasing complexity and diversity of current network intrusions, the proposed method will contribute to improved network security.
Authors
丁永红
王晓勇
DING Yonghong; WANG Xiaoyong (School of Information Engineering, Huainan Union University, Huainan 232038, China)
Source
《西华大学学报(自然科学版)》
2025, No. 5, pp. 39-47, 69 (10 pages in total)
Journal of Xihua University: Natural Science Edition
Funding
Anhui Provincial Higher Education Provincial-Level Quality Engineering Project (2021cjrh044).