ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2020, Vol. 57 ›› Issue (4): 791-802. doi: 10.7544/issn1000-1239.2020.20190880

Special topic: 2020 Special Topic on Data-Driven Networks

• Network Technology •

The Optimization Method of Wireless Network Attacks Detection Based on Semi-Supervised Learning

Wang Ting (1, 2), Wang Na (3), Cui Yunpeng (1, 2), Li Huan (1, 2)

  1. Agricultural Information Institute, Chinese Academy of Agricultural Sciences, Beijing 100081
  2. Key Laboratory of Big Agri-Data (Agricultural Information Institute, Chinese Academy of Agricultural Sciences), Ministry of Agriculture and Rural Areas, Beijing 100081
  3. Unit 96962, Beijing 102206
  E-mail: wangting01@caas.cn
  • Online: 2020-04-01
  • Supported by: 
    This work was supported by the National Natural Science Foundation of China (61672101) and the Fundamental Research Funds of Chinese Academy of Agricultural Sciences (Y2020XC15).

Abstract: To optimize the use of deep learning for detecting attacks in massive, high-dimensional and complex wireless network traffic data, this paper proposes WiFi-ADOM (WiFi network attacks detection optimization method), a method based on semi-supervised learning. First, based on the stacked sparse auto-encoder (SSAE), an unsupervised learning model, two types of network traffic feature representation vectors are proposed: the new feature value vector and the original feature weight value vector. Then, the original feature weight value vector is used to initialize the weights of the supervised learning model, a deep neural network, to obtain a preliminary result for the attack type, and the unsupervised clustering method Bi-kmeans is applied to the new feature value vectors to produce a corrective term for discriminating unknown attack types. Finally, the preliminary result and the corrective term are combined to obtain the final result for the attack type. The optimization performance of WiFi-ADOM for network attack detection is verified by comparison with existing detection methods on the public wireless network attack data set AWID, and the features that are important for network attack detection are also explored. The results show that WiFi-ADOM can effectively detect unknown attack types while maintaining detection performance such as accuracy, and is therefore able to optimize network attack detection.

Key words: network attacks detection, network intrusion detection, semi-supervised learning, deep learning, Bi-kmeans clustering
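The abstract describes combining a classifier's preliminary label with a Bi-kmeans-derived corrective term, but does not give the rule. The sketch below is an added example, not the paper's code. It assumes one simple rule: a sample whose nearest cluster centroid attracts no labeled training point is relabeled "unknown". The 2-D vectors, class labels and function names are constructed for illustration.

```python
# Added illustration. The override rule is an assumption, not the paper's formula.
def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def mean(pts):
    return tuple(sum(c) / len(pts) for c in zip(*pts))

def sse(pts):
    m = mean(pts)
    return sum(dist2(p, m) for p in pts)

def two_means(pts, iters=20):
    """Split one cluster in two, seeded deterministically by a farthest-point pair."""
    c0 = max(pts, key=lambda p: dist2(p, mean(pts)))
    c1 = max(pts, key=lambda p: dist2(p, c0))
    for _ in range(iters):
        a = [p for p in pts if dist2(p, c0) <= dist2(p, c1)]
        b = [p for p in pts if dist2(p, c0) > dist2(p, c1)]
        if not a or not b:
            break
        c0, c1 = mean(a), mean(b)
    return a, b

def bi_kmeans(pts, k):
    """Bisecting k-means: keep splitting the cluster with the largest SSE."""
    clusters = [list(pts)]
    while len(clusters) < k:
        worst = max(clusters, key=sse)
        a, b = two_means(worst)
        if not a or not b:  # identical points, nothing left to split
            break
        clusters.remove(worst)
        clusters += [a, b]
    return clusters

def correct_unknown(train, test, prelim, k):
    """Override a preliminary label when the nearest centroid has no labeled point."""
    cents = [mean(c) for c in bi_kmeans(train + test, k)]
    def nearest(p):
        return min(range(len(cents)), key=lambda i: dist2(p, cents[i]))
    known = {nearest(p) for p in train}
    return [lab if nearest(p) in known else "unknown" for p, lab in zip(test, prelim)]

# Constructed 2-D stand-ins for SSAE feature vectors; labels are sample values.
TRAIN = [(0, 0), (0, 1), (1, 0), (10, 0), (10, 1), (11, 0)]  # normal x3, flooding x3
TEST = [(1, 1), (11, 1), (0, 10), (1, 10), (0, 11)]
PRELIM = ["normal", "flooding", "normal", "flooding", "normal"]  # closed-set guesses

if __name__ == "__main__":
    print(correct_unknown(TRAIN, TEST, PRELIM, k=3))
```

With `k=2` the unlabeled group is merged into a cluster that also holds labeled traffic and nothing is flagged, so the cluster count directly limits which unknown attack types this kind of correction can surface.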
