Abnormal traffic detection method based on multi-scale attention feature enhancement

YANG Hongyu; ZHANG Haohao; CHENG Xiang

doi:10.11959/j.issn.1000-436x.2024262

您当前的位置：

首页 >

文章列表页 >

Abnormal traffic detection method based on multi-scale attention feature enhancement

Papers | 更新时间：2024-12-24

- Abnormal traffic detection method based on multi-scale attention feature enhancement
- Journal on Communications Vol. 45, Issue 11, Pages: 88-105(2024)
- 作者机构：
  
  1.中国民航大学安全科学与工程学院，天津 300300
  2.中国民航大学计算机科学与技术学院，天津 300300
  3.扬州大学信息工程学院，江苏扬州 225127
- 作者简介：
- 基金信息：
  
  Civil Aviation Joint Research Fund Project of the National Natural Science Foundation of China(2433205);The Jiangsu Provincial Basic Research Program Natural Science Foundation - Youth Fund Project(BK20230558)
- DOI：10.11959/j.issn.1000-436x.2024262
  CLC： TP393
- Received：10 July 2024，
  
  Revised：2024-11-21，
  
  Published：25 November 2024
- 稿件说明：
移动端阅览
杨宏宇,张豪豪,成翔.基于多尺度注意力特征增强的异常流量检测方法[J].通信学报,2024,45(11):88-105.

YANG Hongyu,ZHANG Haohao,CHENG Xiang.Abnormal traffic detection method based on multi-scale attention feature enhancement[J].Journal on Communications,2024,45(11):88-105.
杨宏宇,张豪豪,成翔.基于多尺度注意力特征增强的异常流量检测方法[J].通信学报,2024,45(11):88-105. DOI： 10.11959/j.issn.1000-436x.2024262.

YANG Hongyu,ZHANG Haohao,CHENG Xiang.Abnormal traffic detection method based on multi-scale attention feature enhancement[J].Journal on Communications,2024,45(11):88-105. DOI： 10.11959/j.issn.1000-436x.2024262.

摘要

针对现有网络异常流量检测方法存在特征冗余以及流量序列的时间依赖性，导致模型训练速度慢和检测性能不佳等不足，提出一种基于多尺度注意力特征增强的异常流量检测方法。首先，通过基于动态分组的特征选择算法从流量数据中选出最优特征集合。其次，使用密集卷积神经网络和多尺度注意力特征提取网络分别提取流量数据的局部和全局特征。最后，利用特征增强网络增强局部和全局特征的区分度和整体表达的有效性，并采用加权融合的方法进行特征融合，实现异常流量检测。实验结果表明，所提方法在CIC-IDS2017和CSE-CIC-IDS2018数据集上的F1分数分别提升0.17%~2.75%、0.43%~8.99%，具有良好的检测效果。

Abstract

To address feature redundancy and temporal dependencies in traffic data sequences that slow down model training and degrade performance of existing network abnormal traffic detection methods

an abnormal traffic detection method based on multi-scale attention feature enhancement was proposed. Firstly

an optimal feature set was selected from traffic data using a feature selection algorithm based on dynamic grouping. Secondly

Dense-CNN and a multi-scale attention feature extraction network were employed to extract local and global features of the traffic data. Finally

a feature enhancement network was used to increase the distinctiveness and expressiveness of local and global features

which were then fused using a weighted fusion approach to achieve abnormal traffic detection. Experimental results on the CIC-IDS2017 and CSE-CIC-IDS2018 datasets show that the proposed method improves F1 score by 0.17% to 2.75% and 0.43% to 8.99%

respectively

which has good detection performance.

关键词

Keywords

references

刘奇旭 , 陈艳辉 , 尼杰硕 , 等 . 基于机器学习的工业互联网入侵检测综述 [J ] . 计算机研究与发展 , 2022 , 59 ( 5 ): 994 - 1014 .

LIU Q X , CHEN Y H , NI J S , et al . Survey on machine learning-based anomaly detection for industrial Internet [J ] . Journal of Computer Research and Development , 2022 , 59 ( 5 ): 994 - 1014 .

任家东 , 刘新倩 , 王倩 , 等 . 基于KNN离群点检测和随机森林的多层入侵检测方法 [J ] . 计算机研究与发展 , 2019 , 56 ( 3 ): 566 - 575 .

REN J D , LIU X Q , WANG Q , et al . An multi-level intrusion detection method based on KNN outlier detection and random forests [J ] . Journal of Computer Research and Development , 2019 , 56 ( 3 ): 566 - 575 .

DING H W , SUN Y , HUANG N N , et al . TMG-GAN: generative adversarial networks-based imbalanced learning for network intrusion detection [J ] . IEEE Transactions on Information Forensics and Security , 2024 , 19 : 1156 - 1167 .

DUAN X Y , FU Y , WANG K . Network traffic anomaly detection method based on multi-scale residual classifier [J ] . Computer Communications , 2023 , 198 : 206 - 216 .

WU T , FAN H H , ZHU H J , et al . Intrusion detection system combined enhanced random forest with SMOTE algorithm [J ] . EURASIP Journal on Advances in Signal Processing , 2022 ( 1 ): 39 .

LU C W , CAO Y X , WANG Z B . Research on intrusion detection based on an enhanced random forest algorithm [J ] . Applied Sciences , 2024 , 14 ( 2 ): 714 .

HOU B T , ZHANG K , ZUO X J , et al . PIoT malicious traffic detection method based on GAN sample enhancement [J ] . Security and Communication Networks , 2022 , 2022 : 9223412 .

LI F , SHEN H , MAI J A , et al . Pre-trained language model-enhanced conditional generative adversarial networks for intrusion detection [J ] . Peer-to-Peer Networking and Applications , 2024 , 17 ( 1 ): 227 - 245 .

WU Z H , ZHANG H , WANG P H , et al . RTIDS: a robust transformer-based approach for intrusion detection system [J ] . IEEE Access , 2022 , 10 : 64375 - 64387 .

LUO J , ZHANG Y Y , WU Y N , et al . A multi-channel contrastive learning network based intrusion detection method [J ] . Electronics , 2023 , 12 ( 4 ): 949 .

KANNA P R , SANTHI P . Hybrid intrusion detection using MapReduce based black widow optimized convolutional long short-term memory neural networks [J ] . Expert Systems with Applications , 2022 , 194 : 116545 .

BHARDWAJ S , DAVE M . Enhanced neural network-based attack investigation framework for network forensics: identification, detection, and analysis of the attack [J ] . Computers & Security , 2023 , 135 : 103521 .

LIU X Y , LIU J M . Malicious traffic detection combined deep neural network with hierarchical attention mechanism [J ] . Scientific Reports , 2021 , 11 ( 1 ): 12363 .

WANG S Y , XU W X , LIU Y W . Res-TranBiLSTM: an intelligent approach for intrusion detection in the Internet of Things [J ] . Computer Networks , 2023 , 235 : 109982 .

PUJOL-PERICH D , SUAREZ-VARELA J , CABELLOS-APARICIO A , et al . Unveiling the potential of graph neural networks for robust intrusion detection [J ] . ACM SIGMETRICS Performance Evaluation Review , 2022 , 49 ( 4 ): 111 - 117 .

LO W W , LAYEGHY S , SARHAN M , et al . E-GraphSAGE: a graph neural network based intrusion detection system for IoT [C ] // Proceedings of the NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium . Piscataway : IEEE Press , 2022 : 1 - 9 .

REKA R , KARTHICK R , SARAVANA RAM R , et al . Multi head self-attention gated graph convolutional network based multi-attack intrusion detection in MANET [J ] . Computers & Security , 2024 , 136 : 103526 .

肖利军 , 郭继昌 , 顾翔元 . 一种采用冗余性动态权重的特征选择算法 [J ] . 西安电子科技大学学报 , 2019 , 46 ( 5 ): 155 - 161 .

XIAO L J , GUO J C , GU X Y . Algorithm for selection of features based on dynamic weights using redundancy [J ] . Journal of Xidian University , 2019 , 46 ( 5 ): 155 - 161 .

HUANG G , LIU Z , VAN DER MAATEN L , et al . Densely connected convolutional networks [C ] // Proceedings of the 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Piscataway : IEEE Press , 2017 : 2261 - 2269 .

XIANG Z L , LI X W . RETRACTED ARTICLE: Fusion of transformer and ML-CNN-BiLSTM for network intrusion detection [J ] . EURASIP Journal on Wireless Communications and Networking , 2023 ( 1 ): 71 .

ZHOU W , ZHENG F J , ZHAO Y H , et al . MSDCNN: a multiscale dilated convolution neural network for fine-grained 3D shape classification [J ] . Neural Networks , 2024 , 172 : 106141 .

KHAN Z I , AFZAL M M , SHAMSI K N . A comprehensive study on CIC-IDS2017 dataset for intrusion detection systems [J ] . International Research Journal on Advanced Engineering Hub (IRJAEH) , 2024 , 2 ( 2 ): 254 - 260 .

LEEVY J L , KHOSHGOFTAAR T M . A survey and analysis of intrusion detection models based on CSE-CIC-IDS2018 Big Data [J ] . Journal of Big Data , 2020 , 7 ( 1 ): 104 .

Views

886

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Research on scenario recognition for THz channels based on mRMR-GA

DGA malicious domain name identification based on XGBoost and particle swarm optimization algorithm

Distributed abnormal traffic detection method for SDN based on deep learning

Network intrusion detection method based on VAE-CWGAN and fusion of statistical importance of feature

Parallel deep forest algorithm based on Spark and three-way interactive information

Related Author

ZHANG Jie

LUO Jiao

LIN Feng

WANG Yang

LIAO Xi

HAO Xinyu

CHEN Weijie

FENG Lichun

Related Institution

School of Communication and Information Engineering, Chongqing University of Posts and Telecommunications

Information Technology Center, Guangzhou Academy of Fine Arts

Department of Operational Research and Programming, Naval University of Engineering

Henan Key Laboratory of Analysis and Applications of Education Big Data

College of Computer and Information Technology, Xinyang Normal University

AI问答

⁰