
Recognition of Network Security Situation Elements Based on Depth Stack Encoder and Back Propagation Algorithm

Guang KOU, Shuo WANG, Da ZHANG

Citation: Guang KOU, Shuo WANG, Da ZHANG. Recognition of Network Security Situation Elements Based on Depth Stack Encoder and Back Propagation Algorithm[J]. Journal of Electronics and Information Technology, 2019, 41(9): 2187-2193. doi: 10.11999/JEIT181014

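    About the authors: Guang KOU: male, born 1983, Ph.D., associate research fellow, master's supervisor; research interests include intelligent security and intelligent algorithms;
    Shuo WANG: male, born 1991, Ph.D. candidate; research interest: network security;
    Da ZHANG: male, born 1994, master's student; research interest: network security
    Corresponding author: Guang KOU, kg5188@163.com
  • Funding: National Natural Science Foundation of China (61303074)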

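Abstract: The basis of network security situation element recognition is effective feature extraction from the situation dataset. To address the problem that Back Propagation (BP) neural networks depend excessively on data labels when learning from massive security situation data, this paper proposes a method for recognizing network security situation elements that combines a deep stack encoder with the back propagation algorithm. The network is trained layer by layer with an unsupervised learning algorithm, the trained layers are stacked to form a deep stack encoder, and the encoder is used to extract the features of the dataset, achieving unsupervised training of the network. Simulation experiments verify that the method effectively improves the efficiency and accuracy of security situation awareness.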


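  • Figure 1  Visual representation of the autoencoder

    Figure 2  AE network structure

    Figure 3  Formation of the improved neural network

    Figure 4  Two kinds of supervised-learning fine-tuning of the improved BP neural network

    Figure 5  Training algorithm flow of the improved BP neural network

    Figure 6  Comparison of recognition accuracy

    Figure 7  Comparison of the recognition rates of the two algorithms under different label proportions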

    Table 1  Recognition rates of the BP neural network and the improved BP neural network for different sample sizes

    Number of samples    Recognition rate (BP)    Recognition rate (improved BP)
    1000                 0.893                    0.940
    3000                 0.919                    0.954
    5000                 0.924                    0.953
    7000                 0.892                    0.954
    9000                 0.960                    0.972
    11000                0.957                    0.970
    13000                0.901                    0.987
    15000                0.952                    0.982
    17000                0.963                    0.965
    19000                0.959                    0.986
    21000                0.964                    0.972
    23000                0.966                    0.980
    25000                0.958                    0.989
    27000                0.959                    0.979
    29000                0.965                    0.984
    31000                0.965                    0.988
    33000                0.961                    0.988
    35000                0.972                    0.978
    37000                0.972                    0.992
    40000                0.975                    0.993

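    Table 2  Recognition rates of the BP neural network and the improved BP neural network under different label proportions

    Label proportion in       Recognition rate (DARPA1999)    Recognition rate (ISCX 2012)
    training set (%)          BP        Improved BP           BP        Improved BP
    10                        0.899     0.951                 0.854     0.926
    30                        0.925     0.959                 0.862     0.934
    50                        0.936     0.965                 0.877     0.936
    70                        0.939     0.967                 0.879     0.944
    90                        0.942     0.971                 0.892     0.949
    100                       0.951     0.973                 0.905     0.952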
Article information
  • Received: 2018-11-05
  • Accepted: 2019-03-18
  • Published online: 2019-04-16
  • Issue date: 2019-09-01