Research on a Network Intrusion Detection Method Based on LSTM-DDPG
Abstract:
Traditional intrusion detection systems capture time-series features poorly in dynamic environments and perform poorly at detecting small-sample attacks. To address these problems, this paper proposes an intrusion detection method based on LSTM-DDPG. By integrating a Long Short-Term Memory (LSTM) network into the Deep Deterministic Policy Gradient (DDPG) framework, it constructs a detection model capable of both time-series modeling and dynamic policy optimization. The method is validated experimentally on the TON-IoT dataset. The experiments show that, compared with standalone DDPG and LSTM, the fused model significantly improves accuracy (+13.07%/+21.58%), precision (+34.75%/+9.55%), recall (+29.43%/+99.13%) and F1 score (+31.89%/+49.93%), and that recall for the small-sample MITM attack increases by 3.29%. The method verifies the effectiveness of fusing time-series features with reinforcement learning and offers a new approach to dynamic network security protection. Future work will focus on optimizing the model's balance between small-sample and large-sample detection.