This project is my final thesis work titled "Research on Intrusion Detection System Based on Deep Reinforcement Learning." The goal is to reproduce and extend the latest research [1] on intrusion detection systems using deep reinforcement learning by implementing an intrusion detection system based on Deep Q Network (DQN).
- Implemented DQN-based binary classification for traffic detection:
- Single-class detection of DDoS traffic versus benign traffic
- Single-class detection of PortScan traffic versus benign traffic
- Single-class detection of attack traffic (including multiple attack types) versus benign traffic
- Developed a DQN-based multi-class classification model for detecting various types of attack traffic
The dataset used in this project is CICIDS2017, proposed by the Canadian Institute for Cybersecurity, which is widely used for evaluating intrusion detection systems [2]. Due to the dataset's size, only a subset was used in the experiments. The preprocessed data is compressed and stored on OSS and can be accessed and downloaded via this link🔗.
3.6.4
- tensorflow == 1.15.4
- pandas == 0.23.0
- numpy == 1.16.0
- keras == 2.2.4
- scikit-learn == 0.19.1
- matplotlib == 2.2.2
本项目为本人的毕设课题《基于深度强化学习的入侵检测系统研究与实现》,本课题对基于深度强化学习的入侵检测系统最新研究工作[1]进行复现,实现一个基于深度Q网络(Deep Q Network, DQN)的入侵检测系统。
- 实现基于DQN算法的单分类流量检测
- 对DDoS流量和良性流量进行单分类检测
- 对PortScan流量和良性流量进行单分类检测
- 对攻击流量(包含多种攻击类型)和良性流量进行单分类检测
- 实现基于DQN算法的多分类攻击流量检测
本课题采用的是加拿大网络安全研究所提出的用于评估入侵检测系统的数据集CICIDS2017[2]。 由于数据集较大,实验时只采取了部分数据,数据预处理后压缩存放在oss上,可通过该链接🔗进行访问下载。
3.6.4
- tensorflow == 1.15.4
- pandas == 0.23.0
- numpy == 1.16.0
- keras == 2.2.4
- scikit-learn == 0.19.1
- matplotlib == 2.2.2