Computer Science, 2022, Vol. 49, Issue (8): 314-322. doi: 10.11896/jsjkx.220200011

• Information Security •

Network Traffic Anomaly Detection Method Based on Multi-scale Memory Residual Network

WANG Xin-tong, WANG Xuan, SUN Zhi-xin   

  1. Post Big Data Technology and Application Engineering Research Center of Jiangsu Province, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
    Post Industry Technology Research and Development Center of the State Posts Bureau (Internet of Things Technology), Nanjing University of Posts and Telecommunications, Nanjing 210023, China
    Key Lab of Broadband Wireless Communication and Sensor Network Technology, Ministry of Education, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
  • Received: 2022-02-07 Revised: 2022-03-18 Published: 2022-08-02
  • About author: WANG Xin-tong, born in 1998, postgraduate. Her main research interests include cyber security, intrusion detection and machine learning.
    SUN Zhi-xin, born in 1964, Ph.D, professor, Ph.D supervisor. His main research interests include network communication and computer network and security.
  • Supported by:
    National Natural Science Foundation of China (61972208).

Abstract: Network traffic anomaly detection based on deep learning usually suffers from poor adaptability to real-world environments, limited representation ability and weak generalization ability. To address these problems, a network traffic anomaly detection method based on a multi-scale memory residual network is proposed. Based on an analysis of the high-dimensional feature space distribution, this paper demonstrates the validity of the approach to network traffic data preprocessing. Multi-scale one-dimensional convolution and a long short-term memory network are combined to enhance the representation ability of the deep learning classifier. To make network traffic anomaly detection accurate and efficient, the idea of the residual network is used to implement deep feature extraction, to prevent vanishing/exploding gradients, over-fitting and network degradation, and to accelerate the convergence of the model. Visualizations of the data preprocessing results suggest that, compared with standardization, normalization is better able to separate abnormal traffic data from normal traffic data. The validity verification and performance evaluation experiments reveal that inserting identity mappings accelerates the convergence of the model and efficiently addresses the network degradation problem. The contrast experiment indicates that one-dimensional convolution and the long short-term memory network reinforce the representation and generalization ability of the model, and that its performance metrics are better than those of current deep learning models.

Key words: Long short-term memory network, Multi-scale memory residual network, Multi-scale one-dimensional convolution, Network intrusion detection, Network traffic anomaly detection, Residual network

CLC Number: TP393.0