基于多尺度注意力特征增强的异常流量检测方法

杨宏宇; 张豪豪; 成翔

doi:10.11959/j.issn.1000-436x.2024262

您当前的位置：

首页 >

文章列表页 >

基于多尺度注意力特征增强的异常流量检测方法

学术论文 | 更新时间：2024-12-24

- 基于多尺度注意力特征增强的异常流量检测方法
- Abnormal traffic detection method based on multi-scale attention feature enhancement
- 通信学报 2024年45卷第11期页码：88-105
- 作者机构：
  
  1.中国民航大学安全科学与工程学院，天津 300300
  2.中国民航大学计算机科学与技术学院，天津 300300
  3.扬州大学信息工程学院，江苏扬州 225127
- 作者简介：
  
  [ "杨宏宇（1969- ），男，吉林长春人，博士，中国民航大学教授、博士生导师，主要研究方向为网络与系统安全、软件安全检测、网络安全态势感知。" ]
  [ "张豪豪（1999- ），男，河南焦作人，中国民航大学硕士生，主要研究方向为网络与信息安全。" ]
  [ "成翔（1988- ），男，新疆乌鲁木齐人，博士，扬州大学讲师、硕士生导师，主要研究方向为网络与系统安全、网络安全态势感知、APT攻击检测。" ]
- 基金信息：
  
  国家自然科学基金民航联合研究基金重点资助项目(2433205);国家自然科学基金资助项目;The National Natural Science Foundation of China(U1833107);江苏省基础研究计划自然科学基金青年基金项目(BK20230558)
- DOI：10.11959/j.issn.1000-436x.2024262
  中图分类号： TP393
- 收稿日期：2024-07-10，
  
  修回日期：2024-11-21，
  
  纸质出版日期：2024-11-25
- 稿件说明：
移动端阅览
杨宏宇,张豪豪,成翔.基于多尺度注意力特征增强的异常流量检测方法[J].通信学报,2024,45(11):88-105.

YANG Hongyu,ZHANG Haohao,CHENG Xiang.Abnormal traffic detection method based on multi-scale attention feature enhancement[J].Journal on Communications,2024,45(11):88-105.
杨宏宇,张豪豪,成翔.基于多尺度注意力特征增强的异常流量检测方法[J].通信学报,2024,45(11):88-105. DOI： 10.11959/j.issn.1000-436x.2024262.

YANG Hongyu,ZHANG Haohao,CHENG Xiang.Abnormal traffic detection method based on multi-scale attention feature enhancement[J].Journal on Communications,2024,45(11):88-105. DOI： 10.11959/j.issn.1000-436x.2024262.

摘要

针对现有网络异常流量检测方法存在特征冗余以及流量序列的时间依赖性，导致模型训练速度慢和检测性能不佳等不足，提出一种基于多尺度注意力特征增强的异常流量检测方法。首先，通过基于动态分组的特征选择算法从流量数据中选出最优特征集合。其次，使用密集卷积神经网络和多尺度注意力特征提取网络分别提取流量数据的局部和全局特征。最后，利用特征增强网络增强局部和全局特征的区分度和整体表达的有效性，并采用加权融合的方法进行特征融合，实现异常流量检测。实验结果表明，所提方法在CIC-IDS2017和CSE-CIC-IDS2018数据集上的F1分数分别提升0.17%~2.75%、0.43%~8.99%，具有良好的检测效果。

Abstract

To address feature redundancy and temporal dependencies in traffic data sequences that slow down model training and degrade performance of existing network abnormal traffic detection methods

an abnormal traffic detection method based on multi-scale attention feature enhancement was proposed. Firstly

an optimal feature set was selected from traffic data using a feature selection algorithm based on dynamic grouping. Secondly

Dense-CNN and a multi-scale attention feature extraction network were employed to extract local and global features of the traffic data. Finally

a feature enhancement network was used to increase the distinctiveness and expressiveness of local and global features

which were then fused using a weighted fusion approach to achieve abnormal traffic detection. Experimental results on the CIC-IDS2017 and CSE-CIC-IDS2018 datasets show that the proposed method improves F1 score by 0.17% to 2.75% and 0.43% to 8.99%

respectively

which has good detection performance.

关键词

Keywords

references

刘奇旭 , 陈艳辉 , 尼杰硕 , 等 . 基于机器学习的工业互联网入侵检测综述 [J ] . 计算机研究与发展 , 2022 , 59 ( 5 ): 994 - 1014 .

LIU Q X , CHEN Y H , NI J S , et al . Survey on machine learning-based anomaly detection for industrial Internet [J ] . Journal of Computer Research and Development , 2022 , 59 ( 5 ): 994 - 1014 .

任家东 , 刘新倩 , 王倩 , 等 . 基于KNN离群点检测和随机森林的多层入侵检测方法 [J ] . 计算机研究与发展 , 2019 , 56 ( 3 ): 566 - 575 .

REN J D , LIU X Q , WANG Q , et al . An multi-level intrusion detection method based on KNN outlier detection and random forests [J ] . Journal of Computer Research and Development , 2019 , 56 ( 3 ): 566 - 575 .

DING H W , SUN Y , HUANG N N , et al . TMG-GAN: generative adversarial networks-based imbalanced learning for network intrusion detection [J ] . IEEE Transactions on Information Forensics and Security , 2024 , 19 : 1156 - 1167 .

DUAN X Y , FU Y , WANG K . Network traffic anomaly detection method based on multi-scale residual classifier [J ] . Computer Communications , 2023 , 198 : 206 - 216 .

WU T , FAN H H , ZHU H J , et al . Intrusion detection system combined enhanced random forest with SMOTE algorithm [J ] . EURASIP Journal on Advances in Signal Processing , 2022 ( 1 ): 39 .

LU C W , CAO Y X , WANG Z B . Research on intrusion detection based on an enhanced random forest algorithm [J ] . Applied Sciences , 2024 , 14 ( 2 ): 714 .

HOU B T , ZHANG K , ZUO X J , et al . PIoT malicious traffic detection method based on GAN sample enhancement [J ] . Security and Communication Networks , 2022 , 2022 : 9223412 .

LI F , SHEN H , MAI J A , et al . Pre-trained language model-enhanced conditional generative adversarial networks for intrusion detection [J ] . Peer-to-Peer Networking and Applications , 2024 , 17 ( 1 ): 227 - 245 .

WU Z H , ZHANG H , WANG P H , et al . RTIDS: a robust transformer-based approach for intrusion detection system [J ] . IEEE Access , 2022 , 10 : 64375 - 64387 .

LUO J , ZHANG Y Y , WU Y N , et al . A multi-channel contrastive learning network based intrusion detection method [J ] . Electronics , 2023 , 12 ( 4 ): 949 .

KANNA P R , SANTHI P . Hybrid intrusion detection using MapReduce based black widow optimized convolutional long short-term memory neural networks [J ] . Expert Systems with Applications , 2022 , 194 : 116545 .

BHARDWAJ S , DAVE M . Enhanced neural network-based attack investigation framework for network forensics: identification, detection, and analysis of the attack [J ] . Computers & Security , 2023 , 135 : 103521 .

LIU X Y , LIU J M . Malicious traffic detection combined deep neural network with hierarchical attention mechanism [J ] . Scientific Reports , 2021 , 11 ( 1 ): 12363 .

WANG S Y , XU W X , LIU Y W . Res-TranBiLSTM: an intelligent approach for intrusion detection in the Internet of Things [J ] . Computer Networks , 2023 , 235 : 109982 .

PUJOL-PERICH D , SUAREZ-VARELA J , CABELLOS-APARICIO A , et al . Unveiling the potential of graph neural networks for robust intrusion detection [J ] . ACM SIGMETRICS Performance Evaluation Review , 2022 , 49 ( 4 ): 111 - 117 .

LO W W , LAYEGHY S , SARHAN M , et al . E-GraphSAGE: a graph neural network based intrusion detection system for IoT [C ] // Proceedings of the NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium . Piscataway : IEEE Press , 2022 : 1 - 9 .

REKA R , KARTHICK R , SARAVANA RAM R , et al . Multi head self-attention gated graph convolutional network based multi-attack intrusion detection in MANET [J ] . Computers & Security , 2024 , 136 : 103526 .

肖利军 , 郭继昌 , 顾翔元 . 一种采用冗余性动态权重的特征选择算法 [J ] . 西安电子科技大学学报 , 2019 , 46 ( 5 ): 155 - 161 .

XIAO L J , GUO J C , GU X Y . Algorithm for selection of features based on dynamic weights using redundancy [J ] . Journal of Xidian University , 2019 , 46 ( 5 ): 155 - 161 .

HUANG G , LIU Z , VAN DER MAATEN L , et al . Densely connected convolutional networks [C ] // Proceedings of the 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Piscataway : IEEE Press , 2017 : 2261 - 2269 .

XIANG Z L , LI X W . RETRACTED ARTICLE: Fusion of transformer and ML-CNN-BiLSTM for network intrusion detection [J ] . EURASIP Journal on Wireless Communications and Networking , 2023 ( 1 ): 71 .

ZHOU W , ZHENG F J , ZHAO Y H , et al . MSDCNN: a multiscale dilated convolution neural network for fine-grained 3D shape classification [J ] . Neural Networks , 2024 , 172 : 106141 .

KHAN Z I , AFZAL M M , SHAMSI K N . A comprehensive study on CIC-IDS2017 dataset for intrusion detection systems [J ] . International Research Journal on Advanced Engineering Hub (IRJAEH) , 2024 , 2 ( 2 ): 254 - 260 .

LEEVY J L , KHOSHGOFTAAR T M . A survey and analysis of intrusion detection models based on CSE-CIC-IDS2018 Big Data [J ] . Journal of Big Data , 2020 , 7 ( 1 ): 104 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于XGBoost和粒子群优化算法的DGA恶意域名识别

基于深度学习的SDN异常流量分布式检测方法

基于VAE-CWGAN和特征统计重要性融合的网络入侵检测方法

基于Spark和三路交互信息的并行深度森林算法

联合低秩重构和投影重构的稳健特征选择方法