Abstract
Existing network intrusion detection methods often exhibit low multiclass detection accuracy because of imbalanced class distributions and redundant features. To address these issues, we propose a network intrusion detection method based on a one-dimensional convolutional neural network combined with a bidirectional gated recurrent unit (1DCNN-BiGRU) and an improved feature-selection scheme. In the data preprocessing stage, the synthetic minority over-sampling technique (SMOTE) is employed to improve the model's ability to recognize minority classes. Feature selection is carried out using the information gain method together with the random forest algorithm to select the features that play a key role in the classification task. During model training, a 1DCNN is first used to extract local correlation features; a multi-head self-attention mechanism is then introduced to capture, from a global perspective, the dependencies among elements at different positions in the data; a BiGRU is then applied to extract long-range temporal correlation features. Finally, a Softmax classifier performs multiclass detection. Experimental results show that the proposed model achieves multiclass accuracies of 99.65% on the NSL-KDD dataset and 84.83% on the UNSW-NB15 dataset, outperforming the several mainstream intrusion detection models used for comparison.
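The preprocessing stage described in the abstract, as an added example that is not the authors' code: SMOTE-style oversampling of a minority class followed by information-gain ranking, in standard-library Python. The feature names, sample rows, bin count and function names are assumptions constructed here; the random forest stage and the way the paper combines the two selection criteria are not given on this page, so they are left out.

```python
import math
import random
from collections import Counter

def smote(minority, n_new, k=2, seed=0):
    """Create n_new synthetic rows between a minority row and a near neighbour."""
    rng = random.Random(seed)
    synthetic = []
    for _ in range(n_new):
        base = rng.choice(minority)
        neighbours = sorted((r for r in minority if r is not base),
                            key=lambda r: math.dist(base, r))[:k]
        other = rng.choice(neighbours)
        gap = rng.random()  # position on the segment base -> other
        synthetic.append([b + gap * (o - b) for b, o in zip(base, other)])
    return synthetic

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def information_gain(column, labels, bins=4):
    """H(Y) - H(Y | X), with X discretised into equal-width bins."""
    lo, hi = min(column), max(column)
    width = (hi - lo) / bins or 1.0  # constant column: everything lands in bin 0
    groups = {}
    for x, y in zip(column, labels):
        groups.setdefault(min(int((x - lo) / width), bins - 1), []).append(y)
    cond = sum(len(g) / len(labels) * entropy(g) for g in groups.values())
    return entropy(labels) - cond

def balance_and_rank(rows, labels, names, minority_label):
    """Oversample one class up to the majority count, then rank features by gain."""
    minority = [r for r, y in zip(rows, labels) if y == minority_label]
    target = max(Counter(labels).values())
    new = smote(minority, target - len(minority))
    rows, labels = rows + new, labels + [minority_label] * len(new)
    gains = {n: information_gain([r[i] for r in rows], labels)
             for i, n in enumerate(names)}
    return Counter(labels), sorted(gains, key=gains.get, reverse=True), gains

# Constructed training split (assumed features): duration, failed logins, a constant
NAMES = ["duration_s", "failed_logins", "constant_flag"]
ROWS = [[1.0, 0, 1], [2.0, 0, 1], [1.5, 0, 1], [2.5, 0, 1], [1.2, 0, 1],
        [1.8, 0, 1], [2.1, 5, 1], [1.1, 6, 1]]
LABELS = ["normal"] * 6 + ["r2l"] * 2
```

Oversample the training split only: synthetic rows that reach the evaluation split are interpolations of training data and inflate the measured accuracy.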
Authors: Xuejia FENG, Chong GUO (corresponding author), Hongbo ZHU
Affiliation: School of Information Science and Engineering, Shenyang Ligong University, Shenyang 110159, China
Author biography: Xuejia FENG (b. 2000), female, master's student.
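FENG Xuejia, GUO Chong, ZHU Hongbo.
Network intrusion detection method based on 1DCNN-BiGRU and improved feature selection[J].
Journal of Shenyang Ligong University, 2026, 45(4): 27-34. DOI:10.3969/j.issn.1003-1251.2026.04.004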
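Funding
National Natural Science Foundation of China (62102272)
Basic Scientific Research Project for Higher Education Institutions of the Liaoning Provincial Department of Education (JYTMS20230184)
Natural Science Foundation of Liaoning Province (2023JH26/10300007)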