计算机科学 ›› 2022, Vol. 49 ›› Issue (8): 314-322.doi: 10.11896/jsjkx.220200011
王馨彤, 王璇, 孙知信
WANG Xin-tong, WANG Xuan, SUN Zhi-xin
摘要: 基于深度学习的网络流量异常检测模型通常存在现实环境适应性差、表征能力有限以及泛化能力弱的问题。为此,提出了一种基于多尺度记忆残差网络的网络流量异常检测模型。基于高维特征空间分布分析,证明网络流量数据预处理方法的有效性;将多尺度一维卷积与长短期记忆网络相结合,通过深度学习算法提高模型的表征能力;基于残差网络的思想,实现深度特征提取,同时防止梯度消失、梯度爆炸、过拟合及网络退化现象,加快模型收敛速度,从而实现准确高效的网络流量异常检测。数据预处理可视化结果表明,经独热编码处理后,相较于标准化处理,归一化处理可使正常流量与异常流量数据有效分离;有效性验证实验及性能评估实验结果表明,通过增加恒等映射可加快模型收敛速度,并有效解决网络退化问题;对比实验结果表明,多尺度一维卷积及长短期记忆网络可提升模型的表征能力并使模型具备较强的泛化能力,且本文模型相比当前部分深度学习模型呈现更优的性能指标。
中图分类号:
[1]ANDERSON J P.Computer security threat monitoring and surveillance[R].Technical Report,James P.Anderson Company,1980. [2]ZHONG Y,CHEN W,WANG Z,et al.HELAD:A novel network anomaly detection model based on heterogeneous ensemble learning[J].Computer Networks,2020,169:107049. [3]GUO Y,FANG B X,LI A P,et al.Artificial intelligence enabled cyberspace security defence[J].Strategic Study of Chinese Academy of Engineering,2021,23(3):98-105. [4]SU T,SUN H,WANG S.Intrusion detection using convolutionalrecurrent neural network[C]//Proceedings of the 2019 8th International Conference on Computing and Pattern Recognition.2019:413-419. [5]JIAN S,LU Z,DU D,et al.Overview of network intrusion detection technology[J].Journal of Cyber Security,2020,5(4):96-122. [6]NARGESIAN F,SAMULOWITZ H,KHURANA U,et al.Learning feature engineering for classification[C]//InternationalJoint Conference on Artificial Intelligence(IJCAI).2017:2529-2535. [7]LU X,LIU P,LIN J.Network traffic anomaly detection based on information gain and deep learning[C]//Proceedings of the 2019 3rd International Conference on Information System and Data Mining.2019:11-15. [8]XIAO Y,XING C,ZHANG T,et al.An intrusion detectionmodel based on feature reduction and convolutional neural networks[J].IEEE Access,2019,7:42210-42219. [9]AHMAD Z,SHAHID K A,WAI SHIANG C,et al.Network intrusion detection system:A systematic study of machine lear-ning and deep learning approaches[J].Transactions on Emerging Telecommunications Technologies,2021,32(1):e4150. [10]MA W G,ZHANG Y D,GUO J.Abnormal traffic detection method based on LSTM and improved residual neural network optimization[J].Journal on Communications,2021,42(5):23-40. [11]HOCHREITER S,SCHMIDHUBER J.Long short-term memory[J].Neural Computation,1997,9(8):1735-1780. [12]WU P,GUO H,MOUSTAFA N.Pelican:A deep residual network for network intrusion detection[C]//2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops(DSN-W).IEEE,2020:55-62. [13]CHO K,MERRIENBOER B,GULCEHRE C,et al.Learningphrase representations using RNN encoder-decoder for statistical machine translation[C]//Conference on Empirical Methods in Natural Language Processing.2014:1724-1734. [14]HE K,ZHANG X,REN S,et al.Deep residual learning forimage recognition[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2016:770-778. [15]LI X,CHEN S,HU X,et al.Understanding the disharmony between dropout and batch normalization by variance shift[C]//Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition.2019:2682-2690. [16]SRIVASTAVA N,HINTON G,KRIZHEVSKY A,et al.Dropout:a simple way to prevent neural networks from overfitting[J].The Journal of Machine Learning Research,2014,15(1):1929-1958. [17]IOFFE S,SEGEDY C.Batch normalization:Accelerating deepnetwork training by reducing internal covariate shift[C]//International Conference on Machine Learning.PMLR,2015:448-456. [18]COOIJMANS T,BALLAS N,Laurent C,et al.Recurrent batch normalization[J].arXiv:1603.09025,2016. [19]HE K,ZHANG X,REN S,et al.Identity mappings in deep residual networks[C]//European Conference on Computer Vision.Cham:Springer,2016:630-645. [20]ZEILER M D,FERGUS R.Visualizing and understanding con-volutional networks[C]//European Conference on Computer Vision.Cham:Springer,2014:818-833. [21]SAINATH T N,KINGSBURY B,Mohamed A,et al.Improvements to deep convolutional neural networks for LVCSR[C]//2013 IEEE Workshop on Automatic Speech Recognition and Understanding.IEEE,2013:315-320. [22]ZHANG J,LING Y,FU X,et al.Model of the intrusion detection system based on the integration of spatial-temporal features[J].Computers & Security,2020,89:101681. [23]WANG X,YIN S,LI H,et al.A Network Intrusion Detection Method Based on Deep Multi-scale Convolutional Neural Network[J].International Journal of Wireless Information Networks,2020,27(4):503-517. [24]SZEGEDY C,VANHOUCKE V,IOFFE S,et al.Rethinking the inception architecture for computer vision[C]//Proceedings of the IEEE conference on computer vision and pattern recognition.2016:2818-2826. [25]SZEGEDY C,IOFFE S,VANHOUCKE V,et al.Inception-v4,inception-resnet and the impact of residual connections on lear-ning[C]//Thirty-first Association for Advancement of Artificial Intelligence(AAAI) Conference on Artificial Intelligence.2017. [26]MOUSTAFA N,SLAY J.UNSW-NB15:a comprehensive data set for network intrusion detection systems(UNSW-NB15 network data set)[C]//2015 Military Communications and Information Systems Conference(MilCIS).IEEE,2015:1-6. [27]MOUSTAFA N,SLAY J.The evaluation of network anomalydetection systems:statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set[J].Information Security Journal:A Global Perspective,2016,25(1/2/3):18-31. [28]VINAYAKUMAR R,SOMAN K P,POOMACHANDRAN P.Applying convolutional neural network for network intrusion detection[C]//2017 International Conference on Advances in Computing,Communications and Informatics(ICACCI).IEEE,2017:1222-1228. [29]WU P,GUO H.LuNET:A deep neural network for network intrusion detection[C]//2019 IEEE Symposium Series on Computational Intelligence(SSCI).IEEE,2019:617-624. |
[1] | 赵冬梅, 吴亚星, 张红斌. 基于IPSO-BiLSTM的网络安全态势预测 Network Security Situation Prediction Based on IPSO-BiLSTM 计算机科学, 2022, 49(7): 357-362. https://doi.org/10.11896/jsjkx.210900103 |
[2] | 高荣华, 白强, 王荣, 吴华瑞, 孙想. 改进注意力机制的多叉树网络多作物早期病害识别方法 Multi-tree Network Multi-crop Early Disease Recognition Method Based on Improved Attention Mechanism 计算机科学, 2022, 49(6A): 363-369. https://doi.org/10.11896/jsjkx.210500044 |
[3] | 王飞, 黄涛, 杨晔. 基于Stacking多模型融合的IGBT器件寿命的机器学习预测算法研究 Study on Machine Learning Algorithms for Life Prediction of IGBT Devices Based on Stacking Multi-model Fusion 计算机科学, 2022, 49(6A): 784-789. https://doi.org/10.11896/jsjkx.210400030 |
[4] | 康雁, 徐玉龙, 寇勇奇, 谢思宇, 杨学昆, 李浩. 基于Transformer和LSTM的药物相互作用预测 Drug-Drug Interaction Prediction Based on Transformer and LSTM 计算机科学, 2022, 49(6A): 17-21. https://doi.org/10.11896/jsjkx.210400150 |
[5] | 赵人行, 徐频捷, 刘瑶. 基于深度卷积残差网络的心电单导联房颤检测方法 ECG-based Atrial Fibrillation Detection Based on Deep Convolutional Residual Neural Network 计算机科学, 2022, 49(5): 186-193. https://doi.org/10.11896/jsjkx.220200002 |
[6] | 韩红旗, 冉亚鑫, 张运良, 桂婕, 高雄, 易梦琳. 基于共同子空间分类学习的跨媒体检索研究 Study on Cross-media Information Retrieval Based on Common Subspace Classification Learning 计算机科学, 2022, 49(5): 33-42. https://doi.org/10.11896/jsjkx.210200157 |
[7] | 高心悦, 田汉民. 基于改进U-Net网络的液滴分割方法 Droplet Segmentation Method Based on Improved U-Net Network 计算机科学, 2022, 49(4): 227-232. https://doi.org/10.11896/jsjkx.210300193 |
[8] | 张红民, 李萍萍, 房晓冰, 刘宏. 改进YOLOv3网络模型的人体异常行为检测方法 Human Abnormal Behavior Detection Method Based on Improved YOLOv3 Network Model 计算机科学, 2022, 49(4): 233-238. https://doi.org/10.11896/jsjkx.210300251 |
[9] | 瞿中, 陈雯. 基于空洞卷积和多特征融合的混凝土路面裂缝检测 Concrete Pavement Crack Detection Based on Dilated Convolution and Multi-features Fusion 计算机科学, 2022, 49(3): 192-196. https://doi.org/10.11896/jsjkx.210100164 |
[10] | 高堰泸, 徐圆, 朱群雄. 基于A-DLSTM夹层网络结构的电能消耗预测方法 Predicting Electric Energy Consumption Using Sandwich Structure of Attention in Double -LSTM 计算机科学, 2022, 49(3): 269-275. https://doi.org/10.11896/jsjkx.210100006 |
[11] | 郭琳, 李晨, 陈晨, 赵睿, 范仕霖, 徐星雨. 基于通道注意递归残差网络的图像超分辨率重建 Image Super-resolution Reconstruction Using Recursive ResidualNetwork Based on ChannelAttention 计算机科学, 2021, 48(8): 139-144. https://doi.org/10.11896/jsjkx.200500150 |
[12] | 许华杰, 张晨强, 苏国韶. 基于深层卷积残差网络的航拍图建筑物精确分割方法 Accurate Segmentation Method of Aerial Photography Buildings Based on Deep Convolutional Residual Network 计算机科学, 2021, 48(8): 169-174. https://doi.org/10.11896/jsjkx.200500096 |
[13] | 暴雨轩, 芦天亮, 杜彦辉, 石达. 基于i_ResNet34模型和数据增强的深度伪造视频检测方法 Deepfake Videos Detection Method Based on i_ResNet34 Model and Data Augmentation 计算机科学, 2021, 48(7): 77-85. https://doi.org/10.11896/jsjkx.210300258 |
[14] | 牛康力, 谌雨章, 张龚平, 谭前程, 王绎冲, 罗美琪. 基于深度学习的无人机航拍车流量监测 Vehicle Flow Measuring of UVA Based on Deep Learning 计算机科学, 2021, 48(6A): 275-280. https://doi.org/10.11896/jsjkx.200900149 |
[15] | 王建明, 黎向锋, 叶磊, 左敦稳, 张丽萍. 基于信道注意结构的生成对抗网络医学图像去模糊 Medical Image Deblur Using Generative Adversarial Networks with Channel Attention 计算机科学, 2021, 48(6A): 101-106. https://doi.org/10.11896/jsjkx.200600144 |
|