Jisuanji kexue (Sep 2021)

Intrusion Detection Method Based on Denoising Autoencoder and Three-way Decisions

  • ZHANG Shi-peng, LI Yong-zhong

DOI
https://doi.org/10.11896/jsjkx.200500059
Journal volume & issue
Vol. 48, no. 9
pp. 345 – 351

Abstract

Read online

Intrusion detection plays a vital role in computer network security.Intrusion detection is one of the key technologies of network security and needs to be kept under constant attention.As the network environment becomes more and more complex,network intrusion behaviors gradually show diversified and intelligent characteristics,and network intrusion is also becoming more difficult to detect.And the research conducted in the field of network security is also an endless study.For the above reasons,people are worried about the feasibility and sustainability of the current method,specifically,it is difficult for current intrusion detection methods to perfectly abstract the features contained in intrusion behaviors,and most of the current intrusion detection methods perform poorly on unknown attacks.In response to these problems,we propose an intrusion detection method DAE-3WD based on denoising autoencoder and three-way decisions.We hope that our method can effectively promote the research on intrusion detection.This proposed methodextracts features from high-dimensional data through denoising autoencoder.Through multiple feature extractions,a multi-granular feature space can be constructed,and then an immediate decision on intrusive or no-rmal behavior is made based on the three-way decisions,and further analysis is required for suspected intrusion or normal beha-vior.Deep learning has superior hierarchical feature learning ability,and three-way decisions can avoid the risk of blind classification due to insufficient information.This method uses these characteristics to achieve the purpose of improving the performance of intrusion detection.The NSL-KDD data set is used in our experiments.The experiments prove that the proposed method can extract meaningful features and effectively improve the performance of intrusion detection.

Keywords