SAGB: self-attention with gate and BiGRU network for intrusion detection

IF 5 | Zone 2 (Computer Science) | Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE | Complex & Intelligent Systems | Pub Date: 2024-09-09 | DOI: 10.1007/s40747-024-01577-y
Zhanhui Hu, Guangzhong Liu, Yanping Li, Siqing Zhuang
Citations: 0

Abstract

Network traffic intrusion detection plays an important role in host and platform security, and machine learning and deep learning methods are now widely used for it. However, imbalance in the relevant data sets causes a model to learn the features of the majority categories and ignore those of the minority categories, which seriously affects the precision of network intrusion detection models. Attack samples are far fewer than normal samples, so classification performance on unbalanced data sets is poor and minority attack samples are not identified well. To solve these problems, this paper proposes a resampling mechanism that applies random undersampling to majority-category samples and K-Smote oversampling to minority-category samples, generating a more balanced data set and improving the model's detection rate for the minority categories. The paper also proposes the Self-Attention with Gate (SAG) and BiGRU network model for intrusion detection on the CICIDS2017 data set, which can fully extract high-dimensional information from data samples and improve the detection rate of network attacks. The Transformer-based SAG mechanism performs feature extraction and filters out irrelevant noise; the BiGRU network then extracts long-distance dependency temporal sequence features, and a SoftMax classifier produces the classification results. Compared with the experimental results of other algorithms, such as Random Forest (RF) and BiGRU, the overall classification precision of the SAG-BiGRU model is much higher, and the model also performs well on the NSL-KDD data set.
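
An added sketch of the resampling step the abstract describes (not the authors' code): random undersampling of majority classes and interpolation-based oversampling of minority classes. The page does not define K-Smote, so plain SMOTE-style nearest-neighbour interpolation is swapped in; `target`, `k`, the class labels and the two features are assumptions, and the flows are constructed rather than taken from CICIDS2017.

```python
import random
from collections import Counter

def dist2(a, b):
    return sum((p - q) ** 2 for p, q in zip(a, b))

def undersample(rows, target, rng):
    # Majority class: keep a random subset of the real samples.
    return rng.sample(rows, target)

def smote(rows, target, k, rng):
    # Minority class: keep every real sample, then add synthetic points on the
    # segment between a real sample and one of its k nearest class neighbours.
    out = [list(r) for r in rows]
    while len(out) < target:
        base = rng.choice(rows)
        near = sorted((r for r in rows if r is not base),
                      key=lambda r: dist2(base, r))[:k]
        if not near:                      # single-sample class: duplicate it
            out.append(list(base))
            continue
        other, gap = rng.choice(near), rng.random()
        out.append([b + gap * (o - b) for b, o in zip(base, other)])
    return out

def resample(X, y, target, k=5, seed=0):
    rng = random.Random(seed)
    by_class = {}
    for x, label in zip(X, y):
        by_class.setdefault(label, []).append(x)
    Xr, yr = [], []
    for label in sorted(by_class):
        rows = by_class[label]
        rows = (undersample(rows, target, rng) if len(rows) > target
                else smote(rows, target, k, rng))
        Xr += rows
        yr += [label] * len(rows)
    return Xr, yr

def constructed_flows(seed=1):
    # Constructed sample, not CICIDS2017 data: [duration_s, packets_per_s].
    rng = random.Random(seed)
    spec = [("BENIGN", 200, 1.0, 50.0), ("DoS", 12, 0.1, 900.0),
            ("Infiltration", 4, 30.0, 5.0)]
    X, y = [], []
    for label, n, dur, pps in spec:
        for _ in range(n):
            X.append([abs(rng.gauss(dur, dur / 4)), abs(rng.gauss(pps, pps / 4))])
            y.append(label)
    return X, y

if __name__ == "__main__":
    X, y = constructed_flows()
    print(Counter(y), "->", Counter(resample(X, y, target=40)[1]))
```

Apply the resampling to the training split only; a resampled test split no longer reflects the class ratio of real traffic and would misreport the detection rate.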
