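School of Information Science and Technology, Southwest Jiaotong University, Chengdu, Sichuan 611756
Wengang MA (1993- ), male, born in Tianshui, Gansu, is a Ph.D. candidate at Southwest Jiaotong University. His main research interests include communication systems and information security.
Yadong ZHANG (1983- ), male, born in Shangqiu, Henan, Ph.D., is a lecturer and master's supervisor at Southwest Jiaotong University. His main research interests include system reliability and safety theory, and system simulation and testing.
Jin GUO (1960- ), male, born in Chengdu, Sichuan, Ph.D., is a professor and doctoral supervisor at Southwest Jiaotong University. His main research interests include system safety theory, and the design and verification of safety-critical systems.
Online publication date: 2021-05
Print publication date: 2021-05-25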
Wengang MA, Yadong ZHANG, Jin GUO. Abnormal traffic detection method based on LSTM and improved residual neural network optimization[J]. Journal on Communications, 2021, 42(5): 23-40. DOI: 10.11959/j.issn.1000-436x.2021109.
Traditional methods for detecting abnormal network traffic often suffer from poor feature selection and weak generalization ability, which leads to low detection accuracy. To address this, an abnormal traffic detection method based on the long short-term memory (LSTM) network and improved residual neural network optimization was proposed. Firstly, the features of network traffic were analyzed, and the variability of the feature values was reduced by preprocessing. Then, a three-layer stacked LSTM network was designed to extract network traffic features of different depths, which solved the problem of weak adaptability of feature extraction. Finally, an improved residual neural network with skip connections was designed to optimize the LSTM, mitigating defects of deep neural networks such as overfitting and vanishing gradients and thereby improving the accuracy of abnormal traffic detection. Experimental results show that the proposed method has higher training accuracy and better visibility of data processing. The classification accuracy rates under binary classification and multi-class classification are 92.3% and 89.3%, respectively. Compared with current intrusion detection methods, it has the lowest false positive rate when parameters such as precision and recall are optimal. Moreover, it has strong robustness when data samples are corrupted, and it also achieves better generalization ability.