工程科学学报2024,Vol.46Issue(12):2238-2245,8.DOI:10.13374/j.issn2095-9389.2024.03.01.002
基于DeepInsight和迁移学习的入侵检测技术
Network intrusion detection technology based on DeepInsight and transfer learning
摘要
Abstract
In the dynamic field of the internet in modern life,networks are increasingly vulnerable to a diverse range of cyberattacks.Conventional intrusion detection systems based on machine learning techniques require a large number of samples for training.However,in some scenarios,only a limited number of malicious samples can be collected.To address the issue of insufficient training samples and unbalanced sample classes for intrusion detection system in real network environments,this paper proposes an intrusion detection method named DeepInsight-transfer learning-convolutional neural network(DI-TL-CNN),which is based on DI and TL.First,the DI method is used to convert the intrusion dataset into an image form suitable for CNN model input.The DI method can transform text while maintaining the semantic relationships between data points,thereby providing high-quality images.In this step,we map the 1D feature vector representation of the input data onto the 2D image representation using T-SNE and construct 2D grayscale images.In the second step,we train and optimize the VGG16 model through TL and fine-tuning,enhancing the model's adaptability and performance.We propose six TL schemes by freezing and fine-tuning the parameters of different modules in the CNN model to enhance intrusion detection performance.In the TL process,the VGG16 model,pretrained on the ImageNet dataset,demonstrates promising results for generic image classification tasks.The bottom layers of CNN models often learn basic feature patterns that are applicable to various tasks,while the features acquired by the top layers of the model are specific to the target domain intrusion dataset.Fine-tuning allows the model to adjust the pretrained architecture's higher-order features to better match the targeted dataset.During the training process,the bottom layers of the pretrained architecture are frozen,whereas the top layers are unfrozen for fine-tuning.The optimal intrusion detection model is determined through a comparison of the performance of the six TL schemes.Finally,the correctness and effectiveness of the proposed DI-TL-CNN method are validated on a dataset with insufficient training samples,using metrics such as accuracy,precision,recall,and F1-score.In the experiments,compared with existing state-of-the-art models for intrusion detection,the proposed method considerably enhances accuracy in the detection of network traffic data.The experimental results show that the DI-TL-CNN method is suitable for intrusion detection with small samples and unbalanced data,demonstrating the good application prospects of the method in complex networks.关键词
入侵检测/DeepInsight/迁移学习/迁移方案/卷积神经网络Key words
intrusion detection/DeepInsight/transfer learning/transfer learning schemes/convolutional neural network分类
信息技术与安全科学引用本文复制引用
刘文琪,胡涛,闫洁,李煌,李诗佳,葛红娟..基于DeepInsight和迁移学习的入侵检测技术[J].工程科学学报,2024,46(12):2238-2245,8.基金项目
国家自然科学基金民航联合基金重点资助项目(U2133203,U2233205) (U2133203,U2233205)
