A Real-Time and Ubiquitous Network Attack Detection Based on Deep Belief Network and Support Vector Machine

作     者：Hao Zhang Yongdan Li Zhihan Lv Arun Kumar Sangaiah Tao Huang Hao Zhang;Yongdan Li;Zhihan Lv;Arun Kumar Sangaiah;Tao Huang

作者机构：IEEE National Engineering Laboratory for Educational Big DataCentral China Normal UniversityWuhan 430072China Lanzhou Central Sub-branch of The People’s Bank of ChinaLanzhou 730000China School of Data Science and Software EngineeringQingdao UniversityQingdao 266071China School of Computing Science and EngineeringVellore Institute of Technology UniversityTamil Nadu 632014India 

出 版 物：《IEEE/CAA Journal of Automatica Sinica》 (自动化学报（英文版）)

年 卷 期：2020年第7卷第3期

页      面：790-799页

核心收录：

学科分类：12[管理学] 1201[管理学-管理科学与工程(可授管理学、工学学位)] 0839[工学-网络空间安全] 081104[工学-模式识别与智能系统] 08[工学] 0835[工学-软件工程] 0811[工学-控制科学与工程] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：supported by the National Key Research and Development Program of China(2017YFB1401300,2017YFB1401304) the National Natural Science Foundation of China(61702211,L1724007,61902203) Hubei Provincial Science and Technology Program of China(2017AKA191) the Self-Determined Research Funds of Central China Normal University(CCNU)from the Colleges’Basic Research(CCNU17QD0004,CCNU17GF0002) the Natural Science Foundation of Shandong Province(ZR2017QF015) the Key Research and Development Plan–Major Scientific and Technological Innovation Projects of Shandong Province(2019JZZY020101) 

主　　题：Deep belief network(DBN) flow calculation frequent pattern intrusion detection sliding window support vector machine(SVM) 

摘      要：In recent years, network traffic data have become larger and more complex, leading to higher possibilities of network intrusion. Traditional intrusion detection methods face difficulty in processing high-speed network data and cannot detect currently unknown attacks. Therefore, this paper proposes a network attack detection method combining a flow calculation and deep learning. The method consists of two parts: a real-time detection algorithm based on flow calculations and frequent patterns and a classification algorithm based on the deep belief network and support vector machine(DBN-SVM). Sliding window(SW) stream data processing enables real-time detection, and the DBN-SVM algorithm can improve classification accuracy. Finally, to verify the proposed method, a system is *** on the CICIDS2017 open source data set, a series of comparative experiments are conducted. The method s real-time detection efficiency is higher than that of traditional machine learning algorithms. The attack classification accuracy is 0.7 percentage points higher than that of a DBN, which is 2 percentage points higher than that of the integrated algorithm boosting and bagging methods. Hence, it is suitable for the real-time detection of high-speed network intrusions.