Abstract: Traditional network traffic anomaly detection methods based on statistics, information theory and machine learning depend on expert experience and suffer from low accuracy, a high false alarm rate and insufficient generalization ability. To address these problems, a network traffic anomaly detection method based on a Stacked Sparse Auto-Encoder (SSAE) and a bidirectional LSTM model is proposed. SSAE is used to extract features from the traffic data, which replaces the earlier practice of relying entirely on an expert knowledge database, avoids human subjectivity at the root, and improves the authenticity and objectivity of the traffic data. The local temporal information extracted by the bidirectional LSTM model is fused with the global information extracted by a multi-head attention mechanism, and the model construction process and the core steps of the algorithm design are described in detail. Typical scenarios are designed, and datasets together with accuracy, recall and F1-score as evaluation metrics are selected to verify the precision and robustness of the designed model and algorithm. The experimental results show that the detection accuracy for anomalous traffic is improved and the generalization ability of the model is enhanced, which supports decision-making for handling anomalous attacks and for resource optimization and control.
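Basic information:
DOI:
CLC number: TP393.08
Citation information:
[1] ZHAO Yu, HUO Yonghua, HUANG Wei, et al. Traffic Anomaly Detection Method Based on a Bidirectional LSTM Model [J]. Radio Engineering, 2023, 53(07): 1712-1718.
Funding information:
Research on Intelligent Management and Control Technology for Network-Cloud Converged Infrastructure Resources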