摘要
针对医疗物联网(IoMT)入侵检测方法依赖数据样本的平衡性,采用有监督学习的误用检测无法应对未知攻击,而采用无监督学习的异常检测误报率高的问题,提出一种多阶段融合的IoMT入侵检测方法。首先,采用双向流特征中加入包头信息和有效载荷的特征提取方法,减少对数据样本平衡性的依赖;其次,结合有监督和无监督学习方法设计一个三阶段的入侵检测框架,即通过无监督学习的自编码器(AE)模型过滤出良性流量并检测未知攻击,而通过有监督学习的卷积神经网络(CNN)、门控循环单元(GRU)和注意力机制(Attention)的混合模型检测已知攻击减少误报,从而提高检测性能。实验结果表明,所提方法构建的多阶段医疗物联网入侵检测系统(MTIDS)在CICIoMT2024和CICIoT2023数据集上实现了99.96%的检测准确率和93.78%的F1值,相较于AE等单一有监督或无监督学习方法的入侵检测模型,均有提高,其中,MTIDS在准确率和F1值上比对比模型中最优的AE分别提升了0.82和5.58个百分点,验证了所提方法在已知和未知攻击检测方面的准确性。
Aiming at the problems that the intrusion detection methods of Internet of Medical Things(IoMT)rely on the balance of data samples,the misuse detection based on supervised learning cannot cope with unknown attacks,and the false alarm rate of anomaly detection based on unsupervised learning is high,an intrusion detection method with multi-stage fusion for IoMT was proposed.Firstly,a feature extraction method that added header information and payload to the bidirectional flow features was adopted to reduce the dependence on the balance of data samples.Then,a three-stage intrusion detection framework was designed by combining supervised and unsupervised learning methods.In the framework,the unsupervised learning AutoEncoder(AE)model was used to filter benign traffic and detect unknown attacks,and the supervised learning hybrid model of Convolutional Neural Network(CNN),Gated Recurrent Unit(GRU),and Attention mechanism(Attention)was used to detect known attacks and reduce false alarms,so as to improve the detection performance.Experimental results show that Multi-stage fusion for IoMT Intrusion Detection System(MTIDS)constructed by the proposed method achieves 99.96%detection accuracy and 93.78%F1 value on the CICIoMT2024 and CICIoT2023 datasets,which are higher than those of intrusion detection models of single supervised or unsupervised learning methods such as AE.Specifically,MTIDS has an improvement of 0.82 percentage points in accuracy and 5.58 percentage points in F1 value compared to the best comparison model AE,which validates the accuracy of the proposed method in detecting known and unknown attacks.
作者
郑浩群
蔡立志
杨康
王晓宇
ZHENG Haoqun;CAI Lizhi;YANG Kang;WANG Xiaoyu(School of Information Science and Engineering,East China University of Science and Technology,Shanghai 200237,China;Shanghai Key Laboratory of Computer Software Testing Evaluating,Shanghai Development Center of Computer Software Technology,Shanghai 201112,China)
出处
《计算机应用》
北大核心
2025年第12期3909-3915,共7页
journal of Computer Applications
基金
上海市青年科技英才扬帆专项(24YF720000)。
关键词
医疗物联网
入侵检测
深度学习
异常检测
未知攻击
Internet of Medical Things(IoMT)
intrusion detection
deep learning
anomaly detection
unknown attack
