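College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou 310023, Zhejiang
Tieming CHEN (1978- ), male, native of Zhuji, Zhejiang, Ph.D., professor and doctoral supervisor at Zhejiang University of Technology. Main research interests: cyberspace security and big data analysis.
Chengqiang JIN (1995- ), male, native of Wenzhou, Zhejiang, master's student at Zhejiang University of Technology. Main research interest: information security.
Mingqi LYU (1981- ), male, native of Hangzhou, Zhejiang, Ph.D., associate professor at Zhejiang University of Technology. Main research interests: data mining and pervasive computing.
Tiantian ZHU (1992- ), male, native of Cixi, Zhejiang, Ph.D., lecturer at Zhejiang University of Technology. Main research interests: network security and system security.
Online publication date: 2020-06
Print publication date: 2020-06-25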
Tieming CHEN, Chengqiang JIN, Mingqi LYU, et al. Intelligent detection method on network malicious traffic based on sample enhancement[J]. Journal on Communications, 2020, 41(6): 128-138. DOI: 10.11959/j.issn.1000-436x.2020122.
To address the problem that existing network traffic anomaly detection methods need to be fed large amounts of training data and generalize poorly, an intelligent detection method for malicious network traffic based on sample enhancement is proposed. The method extracts keywords from the training set and enhances the training samples using a keyword avoidance strategy, which improves the method's ability to extract text features. Experimental results show that, with only a small training dataset, the proposed method improves both the accuracy and the cross-dataset detection ability of the network traffic anomaly detection model. Compared with other methods, it achieves better detection ability while significantly reducing computational complexity.