Network Traffic Anomaly Detection Method for Imbalanced Data

Journal of System Simulation, 2021, Vol. 33, Issue (3): 679-689. doi: 10.16182/j.issn1004731x.joss.19-0573

• Simulation Support Platform / System Technology •

Dong Shuqin^1,2, Zhang Bin^1,2

1. SSF Information Engineering University, Zhengzhou 450001, China;
2. Henan Key Laboratory of Information Security, Zhengzhou 450001, China

Received: 2019-11-01 Revised: 2020-01-17 Online: 2021-03-18 Published: 2021-03-18
About the author: Dong Shuqin (1990-), male, Ph.D., lecturer; research interest: network security situation awareness. E-mail: dongshuqin377@126.com
Funding: Henan Province Basic and Frontier Technology Research Program (142300413201); Information Engineering University Emerging Research Direction Cultivation Fund (2016604703); Information Engineering University Research Team Development Fund (2019f3303)

Abstract

Abstract: To address the poor detection performance that results when scarce samples of rare (low-volume) attacks lead to inaccurate feature extraction, a network traffic anomaly detection method for imbalanced data is proposed. A traffic anomaly detection model is designed in which the activation function, architecture, noise ratio, and dropout rate of stacked denoising autoencoders (SDAs) are varied so that traffic features are learned in different feature spaces; this addresses the low accuracy of extracting rare-attack features in a single feature space. A batch normalization algorithm is designed, and the Adam algorithm is used to train the SDA parameters and extract diverse traffic features. The extracted features are then combined to train a Softmax classifier, which improves the detection precision for rare attacks. Experimental results show that, compared with methods based on random forest, a single SDA, and existing feature fusion, the proposed method achieves higher classification accuracy and a higher detection rate for rare attacks, and its detection performance is stable.

Key words: anomaly detection, imbalanced traffic classification, deep learning, stacked denoising autoencoder
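
The pipeline outlined in the abstract (several denoising autoencoders with different settings, features concatenated, one Softmax classifier on top) can be illustrated with a small NumPy sketch. This is not the authors' implementation, and it simplifies heavily: each "view" is a single-layer denoising autoencoder rather than a full stacked SDA, training uses plain gradient descent instead of Adam, and batch normalization is omitted. All function names, hyperparameter values, and the synthetic data are hypothetical and chosen only for illustration.

```python
import numpy as np

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

# Each entry: (activation, derivative expressed in terms of the activation output h).
ACTIVATIONS = {
    "sigmoid": (sigmoid, lambda h: h * (1.0 - h)),
    "tanh": (np.tanh, lambda h: 1.0 - h ** 2),
}

def train_dae(X, hidden, activation, noise_ratio, dropout=0.0,
              epochs=50, lr=0.05, seed=0):
    """Train one single-layer denoising autoencoder and return its encoder."""
    rng = np.random.default_rng(seed)
    act, dact = ACTIVATIONS[activation]
    n, d = X.shape
    W1 = rng.normal(0.0, 0.1, (d, hidden)); b1 = np.zeros(hidden)
    W2 = rng.normal(0.0, 0.1, (hidden, d)); b2 = np.zeros(d)
    for _ in range(epochs):
        # Masking noise: zero out a random fraction of the inputs.
        X_noisy = X * (rng.random(X.shape) >= noise_ratio)
        H = act(X_noisy @ W1 + b1)
        # Inverted dropout on the hidden layer (training only).
        keep = (rng.random(H.shape) >= dropout) / (1.0 - dropout)
        H_drop = H * keep
        X_hat = H_drop @ W2 + b2              # linear decoder
        err = (X_hat - X) / n                 # gradient of 0.5 * mean squared error
        dpre = (err @ W2.T) * keep * dact(H)  # backpropagate to the encoder
        W2 -= lr * (H_drop.T @ err); b2 -= lr * err.sum(axis=0)
        W1 -= lr * (X_noisy.T @ dpre); b1 -= lr * dpre.sum(axis=0)
    return lambda Z: act(Z @ W1 + b1)         # clean encoder, no noise or dropout

def train_softmax(F, y, n_classes, epochs=300, lr=0.1):
    """Train a Softmax (multinomial logistic) classifier by gradient descent."""
    n, d = F.shape
    W = np.zeros((d, n_classes)); b = np.zeros(n_classes)
    Y = np.eye(n_classes)[y]                  # one-hot labels
    for _ in range(epochs):
        logits = F @ W + b
        logits -= logits.max(axis=1, keepdims=True)   # numerical stability
        P = np.exp(logits); P /= P.sum(axis=1, keepdims=True)
        G = (P - Y) / n                       # gradient of mean cross-entropy
        W -= lr * (F.T @ G); b -= lr * G.sum(axis=0)
    return lambda Z: np.argmax(Z @ W + b, axis=1)

def fit_multi_view(X, y, n_classes, configs):
    """Train one autoencoder per config, concatenate features, fit Softmax."""
    encoders = [train_dae(X, seed=i, **cfg) for i, cfg in enumerate(configs)]
    extract = lambda Z: np.hstack([enc(Z) for enc in encoders])
    classify = train_softmax(extract(X), y, n_classes)
    return extract, lambda Z: classify(extract(Z))

# Toy imbalanced data (synthetic, NOT NSL-KDD): 200 "normal" rows, 10 "attack" rows.
rng = np.random.default_rng(42)
X = np.vstack([rng.normal(0.0, 1.0, (200, 8)), rng.normal(2.0, 1.0, (10, 8))])
y = np.array([0] * 200 + [1] * 10)
configs = [
    dict(hidden=5, activation="sigmoid", noise_ratio=0.1, dropout=0.0),
    dict(hidden=7, activation="tanh", noise_ratio=0.3, dropout=0.2),
]
extract, predict = fit_multi_view(X, y, n_classes=2, configs=configs)
features = extract(X)   # shape (210, 12): 5 + 7 concatenated features
labels = predict(X)
```

Varying the activation function, hidden size, noise ratio, and dropout rate per autoencoder is what gives each encoder a different feature space; the classifier then sees all of them side by side rather than relying on any single representation.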

CLC number: TP393, TP391

Dong Shuqin, Zhang Bin. Network Traffic Anomaly Detection Method for Imbalanced Data[J]. Journal of System Simulation, 2021, 33(3): 679-689.


