摘要
入侵检测是车联网安全关键的防护措施,但仍面对两大局限:一是在实际中网络攻击是不断变化的,导致训练好的模型难以检测最新的未知攻击,二是网络流量中的良性数据与攻击数据是不平衡的;鉴于此提出了ATGCB入侵检测模型,引入自适应模块和多生成器对抗网络;自适应模块是以无监督的方式检测数据漂移的聚类模型,经过聚类识别异常分布样本,触发生成模块生成对应伪数据,进而增量更新分类器提高泛化性;多生成器对抗网络采用高维特征提取器与并行多个生成器同时生成多类型样本重叠低的伪数据,扩充少数类进而平衡数据集;经过在数据集CICIDS-2017和CSE-CICIDS-2018进行实验的结果表明,方法在平衡数据后模型命中率达到97.56%,在面对漂移数据后命中率达到91.12%,由此证明方法在车联网入侵检测中更加适用。
Intrusion detection is a critical security measure for the Internet of Vehicles(IoV).However,it still faces two major limitations:first,network attacks are constantly evolving in practice,making it difficult for pre-trained models to detect the latest unknown attacks;second,there is an imbalance between benign data and attack data in network traffic.To address these issues,this paper proposes an intrusion detection model named ATGCB(Adaptive and Tmg-GAN-based Clustering for Intrusion Detection),which incorporates an adaptive module and a multi-generator adversarial network.The adaptive module is a clustering model that detects data drift in an unsupervised manner.It identifies abnormally distributed samples through clustering,triggers the generation module to produce corresponding pseudo-data,and then incrementally updates the classifier to improve generalization performance.The multi-generator adversarial network adopts a high-dimensional feature extractor and multiple parallel generators to simultaneously generate multiple types of pseudo-data with low sample overlap,thereby expanding minority classes and balancing the dataset.Experimental results on the CICIDS-2017 and CSE-CICIDS-2018 datasets show that the proposed method achieves a model hit rate of 97.56%after data balancing and 91.12%when dealing with drifted data,which demonstrates that this method is more applicable to intrusion detection in the IoV.
作者
王荔
何立明
李茹
WANG Li;HE Liming;LI Ru(School of Information Engineering,Chang an University,Xi'an 710064,China)
出处
《计算机测量与控制》
2025年第12期51-57,66,共8页
Computer Measurement & Control
基金
国家自然科学基金项目(51308058)。
关键词
漂移数据
多生成器对抗网络
入侵检测
平衡数据集
注意力机制
drifting data
multi-generator adversarial network
intrusion detection
balance the dataset
attention mechanism
