Computer Science, 2022, Vol. 49, Issue (8): 314-322. doi: 10.11896/jsjkx.220200011

• Information Security •

Network Traffic Anomaly Detection Method Based on Multi-scale Memory Residual Network

WANG Xin-tong, WANG Xuan, SUN Zhi-xin

  1. Post Big Data Technology and Application Engineering Research Center of Jiangsu Province, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
    Post Industry Technology Research and Development Center of the State Posts Bureau (Internet of Things Technology), Nanjing University of Posts and Telecommunications, Nanjing 210023, China
    Key Lab of Broadband Wireless Communication and Sensor Network Technology, Ministry of Education, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
  • Received: 2022-02-07 Revised: 2022-03-18 Published: 2022-08-02
  • Corresponding author: SUN Zhi-xin (sunzx@njupt.edu.cn)
  • About author: (1220045303@njupt.edu.cn)
    WANG Xin-tong, born in 1998, postgraduate. Her main research interests include cyber security, intrusion detection and machine learning.
    SUN Zhi-xin, born in 1964, Ph.D, professor, Ph.D supervisor. His main research interests include network communication and computer network and security.
  • Supported by:
    National Natural Science Foundation of China (61972208).

Abstract: Network traffic anomaly detection models based on deep learning usually suffer from poor adaptability to real-world environments, limited representation ability and weak generalization ability. To address these problems, a network traffic anomaly detection method based on a multi-scale memory residual network is proposed. Based on an analysis of the high-dimensional feature space distribution, this paper demonstrates the validity of its approach to network traffic data preprocessing. Multi-scale one-dimensional convolution is combined with a long short-term memory network, so that the representation ability of the model is enhanced by deep learning algorithms. Following the idea of the residual network, deep feature extraction is implemented while vanishing/exploding gradients, over-fitting and network degradation are prevented and the convergence of the model is accelerated, which makes network traffic anomaly detection accurate and efficient. The visualizations of the data preprocessing results suggest that, after one-hot encoding, normalization separates abnormal traffic data from normal traffic data more effectively than standardization. The results of the validity verification and performance evaluation experiments reveal that inserting identity mappings accelerates the convergence of the model and effectively addresses the network degradation problem. The results of the comparison experiments indicate that multi-scale one-dimensional convolution and the long short-term memory network reinforce the representation and generalization ability of the model, and that the performance metrics of the proposed model are better than those of some current deep learning models.

Key words: Long short-term memory network, Multi-scale memory residual network, Multi-scale one-dimensional convolution, Network intrusion detection, Network traffic anomaly detection, Residual network

CLC Number:

  • TP393.0