Network intrusion detection has always been a pivotal area in the field of network security. This paper proposes a novel network intrusion detection model that integrates the K-means algorithm with multiple convolutional neural networks (Multi-CNNs). This model comprises two main modules: network attack learning and network attack recognition. The network attack learning module focuses on learning known traffic features. Initially, the K-means algorithm is utilized to cluster the traffic features. Subsequently, Multi-CNNs are constructed, each tailored to extract the spatial features of the data within its respective cluster. Through supervised learning, a corresponding relationship is established between the inputs and the attack patterns. The output of this module includes the K-means clustering centers and the trained CNN models, which serve as the foundation for network attack recognition. The network attack recognition module is responsible for detecting unknown traffic. Firstly, the unknown traffic features are assigned to their respective clusters according to their distance to the K-means clustering centers. Then, Multi-CNNs are employed to identify the attack pattern for each clustered feature independently. Finally, the detection outcomes from the Multi-CNNs are fused to achieve intrusion detection. The experimental results demonstrate that the integration of K-means clustering and Multi-CNNs can significantly enhance the performance of network intrusion detection. Specifically, for the UNSW-NB15 and CICIDS2017 datasets, the proposed model improves the F1-score by 11.11% and 0.27%, respectively, compared to the baseline model.
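The two-module pipeline described above, as an added sketch that is not the paper's code: a per-class-mean classifier stands in for each cluster's CNN, and the fusion rule (writing predictions back in input order) is an assumption. The two-feature traffic records and labels are constructed for illustration.

```python
# Added illustration of cluster-then-classify routing (not the paper's code).
# Assumption: a per-class-mean classifier stands in for each cluster's CNN.
from collections import defaultdict
from math import dist

def mean(points):
    return tuple(sum(col) / len(points) for col in zip(*points))

def nearest(centers, x, allowed=None):
    ids = range(len(centers)) if allowed is None else allowed
    return min(ids, key=lambda i: dist(centers[i], x))

def kmeans(X, k, iters=20):
    # Farthest-first initialisation keeps the run deterministic.
    centers = [X[0]]
    while len(centers) < k:
        centers.append(max(X, key=lambda x: min(dist(x, c) for c in centers)))
    for _ in range(iters):
        groups = defaultdict(list)
        for x in X:
            groups[nearest(centers, x)].append(x)
        # A cluster that lost all its points keeps its previous center.
        centers = [mean(groups[i]) if groups[i] else centers[i] for i in range(k)]
    return centers

def learn(X, y, k):
    """Learning module: returns the K-means centers and one model per cluster."""
    centers = kmeans(X, k)
    by_cluster = defaultdict(lambda: defaultdict(list))
    for x, label in zip(X, y):
        by_cluster[nearest(centers, x)][label].append(x)
    # Model = {label: class mean}, fitted only on that cluster's records.
    models = {c: {lab: mean(pts) for lab, pts in labs.items()}
              for c, labs in by_cluster.items()}
    return centers, models

def recognise(centers, models, X):
    """Recognition module: route each record to its cluster's model, then
    fuse by writing predictions back in input order (assumed fusion rule)."""
    fused = []
    for x in X:
        # Route only to clusters that actually have a trained model.
        model = models[nearest(centers, x, allowed=list(models))]
        fused.append(min(model, key=lambda lab: dist(model[lab], x)))
    return fused

# Constructed sample: two scaled flow features per record, two traffic regimes.
TRAIN_X = [(0.0, 0.0), (0.2, 0.1), (1.0, 1.0), (1.2, 0.9),
           (10.0, 10.0), (10.1, 10.2), (11.0, 9.0), (11.2, 9.1)]
TRAIN_Y = ["normal", "normal", "dos", "dos", "normal", "normal", "probe", "probe"]
```

Each per-cluster model only ever sees the labels present in its own cluster, so a record routed to the first regime can be classed as normal or dos but never as probe.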