Computer Science, 2021, Vol. 48, Issue (11A): 540-546. doi: 10.11896/jsjkx.201200077

• Information Security •

Network Anomaly Detection Based on Deep Learning

YANG Yue-lin, BI Zong-ze

  1. School of Software Engineering, University of Science and Technology of China, Hefei 230022, China
  • Online: 2021-11-10 Published: 2021-11-12
  • Corresponding author: YANG Yue-lin (yangyuelin_k@outlook.com)
  • About author: YANG Yue-lin, born in 1994, master, engineer. His main research interests include network security and deep learning.

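Abstract (translated from the Chinese): To address the long-range dependence of network traffic data and the long-tail effect caused by imbalanced samples in the dataset, this paper proposes a network traffic anomaly detection model based on the vision Transformer. Multi-head self-attention is introduced into a residual network; Feature Embedding converts the sparse, high-dimensional input features into dense, low-dimensional features, and a two-dimensional relative position encoding is added, giving global awareness of position in the traffic data and addressing its long-range dependence. The vision Transformer module consists of an encoder and a decoder. The encoder is a stack of N identical layers, each comprising a multi-head convolutional self-attention layer and a two-dimensional convolutional feed-forward network; the decoder inserts an additional query self-attention layer into each layer to obtain the synthesized traffic feature map. The paper also proposes a deep adaptive feature learning algorithm that uses semi-supervised learning to alleviate the long-tail effect caused by imbalanced data distribution: because the model identifies tail-class data in the unlabeled data with high precision, samples from the unlabeled data whose predicted class is a tail class are selected and added to the labeled set, and introducing these tail-class samples alleviates the class imbalance. The CIC-IDS-2017 network intrusion detection dataset is used for experimental evaluation. Comparative experiments show that the model's detection accuracy on tail samples is higher than that of other deep learning models, that it improves detection performance while reducing detection time, and that it has practical application value in the field of network traffic anomaly detection.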

Keywords (translated from the Chinese): Residual network, Class rebalancing, Deep learning, Anomaly detection, Attention

Abstract: This paper proposes a novel and general end-to-end convolutional transformer network for modeling the long-range spatial and temporal dependence in network anomaly detection. The core ingredients of the proposed model are the feature embedding module, obtained by replacing the spatial convolutions with the proposed global self-attention in the final three bottleneck blocks of a ResNet, and the multi-head convolutional self-attention layer in the encoder and decoder, which learns the sequential dependence of network traffic data. Our model uses an encoder, built upon multi-head convolutional self-attention layers, to map the input sequence to a feature map sequence, and then another deep network, incorporating multi-head convolutional self-attention layers, decodes the target synthesized feature map from the feature map sequence. We also present a class-rebalancing self-training framework to alleviate the long-tail effect caused by the imbalance of data distribution through semi-supervised learning, which is motivated by the observation that existing SSL algorithms produce high-precision pseudo-labels on minority classes. The algorithm iteratively retrains a baseline SSL model with a labeled set expanded by adding pseudo-labeled samples from an unlabeled set, where pseudo-labeled samples from minority classes are selected more frequently according to an estimated class distribution. In this paper, the CIC-IDS-2017 dataset is used for experimental evaluation. The experiments show that the accuracy of our model is higher than that of other deep learning models, that it improves detection performance while reducing detection time, and that it has practical application value in the field of network traffic anomaly detection.

Key words: Anomaly detection, Attention, Class-rebalancing, Deep learning, ResNet
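
The pseudo-label selection step of the class-rebalancing self-training described in the abstract, as an added example that is not the authors' code: samples predicted as tail classes are kept at a higher rate than samples predicted as head classes. The keep-rate rule, the `alpha` value, the function names and the sample counts are assumptions; the page does not give the paper's formula.

```python
from collections import Counter, defaultdict

def sampling_rates(labeled_counts, alpha=0.5):
    """Keep rate per class: 1.0 for the rarest class, lowest for the most common.

    ASSUMPTION (not from the page): with classes ranked by labeled-set size,
    rank l (0 = largest) gets rate (N[L-1-l] / N[0]) ** alpha.
    """
    ranked = sorted(labeled_counts, key=labeled_counts.get, reverse=True)
    sizes = [labeled_counts[c] for c in ranked]
    last = len(ranked) - 1
    return {c: (sizes[last - l] / sizes[0]) ** alpha for l, c in enumerate(ranked)}

def select_pseudo_labels(predictions, labeled_counts, alpha=0.5):
    """Pick pseudo-labeled flows to move into the labeled set.

    predictions: iterable of (sample_id, predicted_class, confidence).
    For each predicted class, the most confident round(rate * n) samples are kept.
    """
    rates = sampling_rates(labeled_counts, alpha)
    by_class = defaultdict(list)
    for sample_id, cls, conf in predictions:
        by_class[cls].append((conf, sample_id))
    chosen = []
    for cls, items in by_class.items():
        items.sort(reverse=True)  # highest confidence first
        keep = round(rates.get(cls, 0.0) * len(items))  # unseen classes are skipped
        chosen.extend((sample_id, cls) for _, sample_id in items[:keep])
    return chosen

# Constructed sample data (class names follow CIC-IDS-2017 labels; counts and
# confidences are made up for illustration).
SAMPLE_LABELED_COUNTS = {"BENIGN": 10000, "DoS Hulk": 400, "Infiltration": 100}
SAMPLE_PREDICTIONS = (
    [(f"b{i}", "BENIGN", 0.99 - 0.01 * i) for i in range(20)]
    + [(f"d{i}", "DoS Hulk", 0.95 - 0.02 * i) for i in range(10)]
    + [(f"i{i}", "Infiltration", 0.90 - 0.05 * i) for i in range(4)]
)

if __name__ == "__main__":
    picked = select_pseudo_labels(SAMPLE_PREDICTIONS, SAMPLE_LABELED_COUNTS)
    print(Counter(cls for _, cls in picked))
```

In a training loop the chosen flows are merged into the labeled set and the model is retrained; the abstract's premise that tail-class pseudo-labels are high precision is what keeps this from reinforcing mislabeled flows.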

CLC Number: TP183