Computer Science ›› 2021, Vol. 48 ›› Issue (12): 357-363. doi: 10.11896/jsjkx.201000086

• Information Security •

Anomaly Detection Algorithm Based on SSC-BP Neural Network

SHI Lin-shan1, MA Chuang2, YANG Yun3, JIN Min1

  1 State Grid Chongqing Electric Power Company Information and Communication Branch, Chongqing 401123, China
  2 School of Software, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
  3 State Grid Chongqing Electric Power Company, Chongqing 400010, China
  • Received: 2020-10-16 Revised: 2021-01-15 Online: 2021-12-15 Published: 2021-11-26
  • Corresponding author: MA Chuang (machuang@cqupt.edu.cn)
  • About author: muyeandmuye@163.com
    SHI Lin-shan, born in 1993, bachelor, engineer. Her main research interests include Internet of Things, network security architecture and protection.
    MA Chuang, born in 1984, Ph.D, associate professor, is a member of China Computer Federation. His main research interests include complex network and machine learning.
  • Supported by:
    Science and Technology Project of State Grid Corporation of China (2020 Yudian Technology 33#).

Abstract: New network attacks in the Internet of Things environment keep growing in number and complexity, while traditional anomaly detection algorithms suffer from a high false alarm rate, a low detection rate, and computational difficulty caused by large data volumes. To address these problems, this paper proposes an anomaly detection algorithm that combines subspace clustering (SSC) with a BP neural network. First, different subspaces are obtained from the network data set with CLIQUE, the most commonly used subspace clustering algorithm. Second, BP neural network anomaly detection is carried out on the data in each subspace and the prediction error is calculated; the error is compared with a preset accuracy, and the threshold is updated repeatedly for correction, so as to improve the ability to identify network attacks. The simulation experiments use the public NSL-KDD data set and a network attack data set from an Internet of Things environment. The NSL-KDD data set is divided into four single-attack subsets and one mixed-attack subset, and the model is compared with the K-means, DBSCAN, SSC-EA and k-KNN anomaly detection models. On the mixed-attack subset, the detection rate of the SSC-BP neural network model is 6% higher than that of the traditional K-means model, and the false detection rate is reduced by 0.2%. On the four single-attack subsets, the SSC-BP neural network model detects the most attacked networks with the lowest false detection rate. On the Internet of Things network attack data set, the SSC-BP neural network model outperforms the other compared models.

Key words: Subspace clustering, BP neural network, Anomaly detection, New network attack

CLC number: TP181
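
An added example, not code from the paper, of the first stage the abstract names: the CLIQUE bottom-up search for dense grid cells, followed by grouping records per maximal subspace so that each group could be handed to its own detector. The grid resolution `xi`, the density threshold `tau`, the function names and the ten sample records are assumptions constructed here; the paper's settings are not given on this page.

```python
from collections import Counter
from itertools import combinations

# Constructed sample: 10 flow records, 3 features already scaled to [0, 1].
RECORDS = [
    (0.10, 0.12, 0.05), (0.12, 0.10, 0.30), (0.08, 0.15, 0.55), (0.11, 0.09, 0.80),
    (0.30, 0.90, 0.88), (0.55, 0.92, 0.90), (0.80, 0.88, 0.95), (0.60, 0.95, 0.85),
    (0.40, 0.40, 0.40), (0.95, 0.60, 0.10),
]

def to_grid(records, xi):
    """Map every feature value to one of xi equal-width intervals."""
    return [tuple(min(int(v * xi), xi - 1) for v in r) for r in records]

def clique_dense_units(records, xi=4, tau=0.3):
    """Bottom-up CLIQUE search; returns {subspace: set of dense cells}."""
    grid, n = to_grid(records, xi), len(records)

    def dense(subspace):
        # A cell is dense when it holds at least a fraction tau of all records.
        counts = Counter(tuple(g[d] for d in subspace) for g in grid)
        return {cell for cell, c in counts.items() if c / n >= tau}

    level = {(d,): dense((d,)) for d in range(len(records[0]))}
    level = {s: u for s, u in level.items() if u}
    found, k = {}, 1
    while level:
        found.update(level)
        # Apriori pruning: a (k+1)-dim subspace can only hold dense cells
        # if every one of its k-dim projections already does.
        dims = sorted({d for s in level for d in s})
        level = {}
        for cand in combinations(dims, k + 1):
            if all(sub in found for sub in combinations(cand, k)):
                units = dense(cand)
                if units:
                    level[cand] = units
        k += 1
    return found

def split_by_subspace(records, found, xi=4):
    """Group record indices by the maximal subspaces whose dense cells hold them."""
    grid = to_grid(records, xi)
    maximal = [s for s in found if not any(set(s) < set(t) for t in found)]
    groups = {s: [i for i, g in enumerate(grid)
                  if tuple(g[d] for d in s) in found[s]] for s in maximal}
    covered = {i for idx in groups.values() for i in idx}
    return groups, [i for i in range(len(records)) if i not in covered]

if __name__ == "__main__":
    units = clique_dense_units(RECORDS)
    print(units)
    print(split_by_subspace(RECORDS, units))
```

The 3-dimensional subspace is never counted because its projection onto features (0, 2) has no dense cell; records 8 and 9 fall in no dense cell of a maximal subspace and are returned separately.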