Network Traffic Anomaly Detection Method for Imbalanced Data

doi:10.16182/j.issn1004731x.joss.19-0573

Abstract

Abstract: Aiming at the poor detection performances caused by the low feature extraction accuracy of rare traffic attacks from scarce samples, a network traffic anomaly detection method for imbalanced data is proposed. A traffic anomaly detection model is designed, in which the traffic features in different feature spaces are learned by alternating activation functions, architectures, corrupted rates and dropout rates of stacked denoising autoencoder (SDA), and the low accuracy in extracting features of rare traffic attacks in a single space is solved. A batch normalization algorithm is designed, and the Adam algorithm is adopted to train parameters of SDAs to extract multifarious traffic features. The Softmax classifier is trained by combining the extracted features, so that the rare traffic attacks can be detected with a high detection precision. The experimental results show that, compared with the methods based on random forest, single SDA and feature fusion, the proposed method has higher classification accuracy, higher detection rate of rare traffic attacks and the detection performances are stable.

Key words: anomaly detection, imbalanced traffic classification, deep learning, stacked denoising autoencoder

CLC Number:

TP393
TP391

Dong Shuqin, Zhang Bin. Network Traffic Anomaly Detection Method for Imbalanced Data[J]. Journal of System Simulation, 2021, 33(3): 679-689.

References

[1] Maurya C, Toshniwal D, Venkoparao G.Online Anomaly Detection via Class-imbalance Learning[C]// 8th International Conference on Contemporary Computing. Piscataway, New Jersey, USA: IEEE, 2015: 30-35.
[2] Junsomboon N, Phienthrakul T.Combining Over-sampling and Under-sampling Techniques for Imbalance Dataset[C]// 9th International Conference on Machine Learning and Computing. New York, USA: ACM, 2017: 243-247.
[3] 任家东, 刘新倩, 王倩, 等. 基于KNN离群点检测和随机森林的多层入侵检测方法[J]. 计算机研究与发展, 2019, 56(3): 566-575.
Ren Jiadong, Liu Xinqian, Wang Qian, et al.A Multi-level Intrusion Detection Method based on KNN Outlier Detection and Random Forests[J]. Journal of Computer Research and Development, 2019, 56(3): 566-575.
[4] Aburomman A, Reaz M.A Survey of Intrusion Detection Systems based on Ensemble and Hybrid Classifiers[J]. Computer & Security (S0167-4048), 2017, 65: 135-152.
[5] Kim J, Han Y, Lee J.Particle Swarm Optimization-deep Belief Network-based Rare Class Prediction Model for Highly Class Imbalance Problem[J]. Concurrency and Computation: Practice & Experience (S1532-0626), 2017, 29(11): 1-11.
[6] Kwon D, Kim H, Kim J, et al.A Survey of Deep Learning-based Network Anomaly Detection[J]. Cluster Computing (S1386-7857), 2019, 22(s1): 949-961.
[7] Yu Y, Long J, Cai Z.Session-based Network Intrusion Detection Using a Deep Learning Architecture[C]// 14th International Conference on Modeling Decisions for Artificial Intelligence. Berlin, German: Springer, 2017: 144-155.
[8] Ng W, Zeng G, Zhang J, et al.Dual Autoencoders Features for Imbalance Classification Problem[J]. Pattern Recognition (S0031-3203), 2016, 60: 875-889.
[9] Kingma D, Ba J.Adam: A method for Stochastic Optimization[C]// 3rd International Conference for Learning Representations. New York, USA: arXiv, 2015.
[10] Canadian Institute for Cybersecurity. The NSL-KDD dataset [EB/OL].[2019-10-15]. https://www.unb.ca/cic/ datasets/ nsl.html.
[11] Vincent P, Larochelle H, Lajoie I, et al.Stacked Denoising Autoencoders: Learning Useful Representations in a Deep Network With a Local Denoising Criterion[J]. Journal of Machine Learning Research (S1532-4435), 2010, 11: 3371-3408.
[12] Liu M, Wu W, Gu Z, et al.Deep Learning based on Batch Normalization for P300 Signal Detection[J]. Neurocomputing (S0925-2312), 2018, 275: 288-297.
[13] 陈建廷, 向阳. 深度神经网络训练中梯度不稳定现象研究综述[J]. 软件学报, 2018, 29(7): 2071-2091.
Chen Jianting, Xiang Yang.Survey of Unstable Gradients in Deep Neural Networks Training[J]. Journal of Software, 2018, 29(7): 2071-2091.
[14] 谷丛丛, 王艳, 严大虎, 等. 基于自编码组合特征提取的分类方法研究[J]. 系统仿真学报, 2018, 30(11): 4132-4140.
Gu Congcong, Wang Yan, Yan Dahu, et al.Research on Classification based on Autoencoder Combination Features Extraction Method[J]. Journal of System Simulation, 2018, 30(11): 4132-4140.
[15] Qolomany B, Maabreh M, Al-Fuqaha A, et al.Parameters Optimization of deep Learning Models using Particle Swarm Optimization[C]// 13th International Wireless Communications and Mobile Computing Conference. Piscataway, New Jersey, USA: IEEE, 2017: 1285-1290.
[16] Li R, Xiao X, Ni S, et al.Byte Segment Neural Network for Network Traffic Classification[C]// IEEE/ACM 26th International Symposium on Quality of Service. Piscataway, New Jersey, USA: IEEE, 2018: 1-10.