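1. Department of Information Security, Naval University of Engineering, Wuhan, Hubei 430033
2. College of Computer and Information Technology, Xinyang Normal University, Xinyang, Henan 464000
3. Henan Key Laboratory of Analysis and Applications of Education Big Data, Xinyang Normal University, Xinyang, Henan 464000
4. School of Mathematics and Information Engineering, Xinyang Vocational and Technical College, Xinyang, Henan 464000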
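Xueyuan DUAN (1981− ), male, born in Kaifeng, Henan, is a Ph.D. candidate at Naval University of Engineering. His main research interests are artificial intelligence, information processing, and network security.
Yu FU (1982− ), female, born in Wuhan, Hubei, Ph.D., is a professor and doctoral supervisor at Naval University of Engineering. Her main research interests are information security and artificial intelligence.
Kun WANG (1981− ), female, born in Xinyang, Henan, is a Ph.D. candidate at Naval University of Engineering. Her main research interest is information security.
Taotao LIU (1996− ), male, born in Jishui, Jiangxi, is a Ph.D. candidate at Naval University of Engineering. His main research interests are network security and network information countermeasures.
Bin LI (1998− ), male, born in Loudi, Hunan, is a master's student at Naval University of Engineering. His main research interests are information security and artificial intelligence.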
Online publication date: 2022-10
Print publication date: 2022-10-25
Xueyuan DUAN, Yu FU, Kun WANG, et al. Network traffic anomaly detection method based on multi-scale characteristic[J]. Journal on Communications, 2022, 43(10): 65-76. DOI: 10.11959/j.issn.1000-436x.2022195.
Abstract: Most traditional network traffic anomaly detection methods attend only to the fine-grained features of traffic data and make insufficient use of multi-scale feature information, which may lead to low accuracy of anomaly detection results. To address this problem, a network traffic anomaly detection method based on multi-scale features was proposed. The original traffic was divided into sub-sequences with multiple observation spans by using multiple sliding windows of different scales, and the multi-level sequences of each sub-sequence were reconstructed by wavelet transform technology. Multi-level reconstructed sequences were generated by chain SAE through feature space mapping, and a preliminary judgment of abnormality was made by the classifier of each level according to the errors of the reconstructed sequences. A weighted voting strategy was adopted to summarize the preliminary judgment results of each level and form the final judgment. Experimental results show that the proposed method can effectively mine the multi-scale feature information of network traffic, and that its detection performance on abnormal traffic is clearly improved compared with traditional methods.
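The pipeline the abstract describes, reduced to a runnable sketch as an added example (not the authors' code): multi-scale windows, multi-level wavelet sequences, a reconstruction-error detector per level, and a weighted vote. Everything the abstract leaves open is an assumption here: the window sizes, Haar approximation as the wavelet, a per-level mean profile standing in for the chain SAE, a threshold of three times the largest training error, the 1/(level+1) vote weights, and the constructed traffic.

```python
import random
from statistics import mean

SCALES = (16, 32, 64)   # assumed window lengths in samples (not given on the page)
LEVELS = 3              # assumed number of wavelet levels per window

def haar_levels(window, levels=LEVELS):
    """Level 0 is the raw window; each further level is the Haar
    approximation (pairwise mean) of the previous one."""
    out = [list(window)]
    for _ in range(levels - 1):
        prev = out[-1]
        out.append([(prev[i] + prev[i + 1]) / 2 for i in range(0, len(prev) - 1, 2)])
    return out

def mse(a, b):
    return mean((x - y) ** 2 for x, y in zip(a, b))

def fit(normal, scales=SCALES, margin=3.0):
    """Per (scale, level): learn a mean profile from attack-free traffic and an
    error threshold. The mean profile is a stand-in for the chain SAE."""
    model = {}
    for s in scales:
        wins = [haar_levels(normal[i:i + s]) for i in range(0, len(normal) - s + 1, s)]
        for lvl in range(LEVELS):
            seqs = [w[lvl] for w in wins]
            profile = [mean(col) for col in zip(*seqs)]
            thr = margin * max(mse(q, profile) for q in seqs)
            model[(s, lvl)] = (profile, thr)
    return model

def detect(model, recent):
    """Weighted vote over every (scale, level) detector on the newest samples."""
    votes, score, total = {}, 0.0, 0.0
    for (s, lvl), (profile, thr) in model.items():
        seq = haar_levels(recent[-s:])[lvl]
        votes[(s, lvl)] = mse(seq, profile) > thr   # preliminary per-level verdict
        w = 1.0 / (lvl + 1)                         # assumed weights: finer levels count more
        score += w * votes[(s, lvl)]
        total += w
    return score / total >= 0.5, votes

# Constructed sample data: packets per second, about 100 pps with bounded jitter.
rng = random.Random(7)
normal_train = [100 + rng.uniform(-5, 5) for _ in range(1280)]
normal_recent = [100 + rng.uniform(-5, 5) for _ in range(64)]
flood_recent = normal_recent[:48] + [v + 40 for v in normal_recent[48:]]  # 16 s surge

MODEL = fit(normal_train)
```

`detect(MODEL, flood_recent)` returns the final verdict together with the per-detector votes, so an analyst can see which observation spans and wavelet levels raised the alarm.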