Computer Science, 2019, Vol. 46, Issue (11A): 442-445.

• Information Security •

Custom User Anomaly Behavior Detection Based on Deep Neural Network

CHEN Sheng, ZHU Guo-sheng, QI Xiao-yun, LEI Long-fei, WU Shan-chao, WU Meng-yu

  1. (School of Computer and Information Engineering, Hubei University, Wuhan 430062, China)
  • Online: 2019-11-10 Published: 2019-11-20
  • Corresponding author: ZHU Guo-sheng (born 1972), male, Ph.D., professor; main research interests: next-generation Internet and network security. E-mail: zhuguosheng@hubu.edu.cn.
  • About the author: CHEN Sheng (born 1994), male, master's student; main research interest: network traffic analysis.
  • Funding:
    This work was supported by the CERNET Next Generation Internet Technology Innovation Project (NGII20170418).

Abstract: In big-data network environments, traditional methods for detecting abnormal user behavior cannot meet the demands of massive-data detection, cannot respond quickly to constantly updated abnormal behaviors and malware, and do not consider user behavior management, so the accuracy and stability of anomaly detection are insufficient. Combining network traffic analysis techniques, this paper proposes a custom user anomaly behavior detection model based on a deep neural network. The model performs fine-grained analysis of network traffic and allows user behavior management settings to be customized, so that user anomaly detection is more closely aligned with the needs of a specific network environment. The data produced by network traffic analysis is used as the input vector of the deep neural network algorithm, enabling massive-data detection and custom user behavior management while also detecting unknown abnormal behavior. Experimental results show that the proposed method has high accuracy and robustness, effectively implements custom user behavior management, and thereby addresses the shortcomings of traditional user anomaly behavior detection.

Key words: Custom, Deep neural network, Network traffic, User anomalous behavior

CLC Number: 

  • TP181