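Author biographies: Shuqin DONG: male, born in 1990, PhD candidate; research interest: network security situation awareness
Bin ZHANG: male, born in 1969, professor and doctoral supervisor; research interest: cyberspace security
Corresponding author: Shuqin DONG, dongshuqin377@126.com
CLC number: TP393.08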
Publication history
Received: 2019-04-18
Revised: 2019-10-09
Published online: 2019-10-16
Issue date: 2020-03-19
Network Traffic Anomaly Detection Method Based on Deep Features Learning
Shuqin DONG, Bin ZHANG
1. PLA SSF Information Engineering University, Zhengzhou 450001, China
2. Henan Key Laboratory of Information Security, Zhengzhou 450001, China
Funds: The Foundation and Frontier Technology Research Project of Henan Province (142300413201), The New Research Direction Cultivation Fund of Information Engineering University (2016604703), The Research Project of Information Engineering University (2019f3303)
Abstract: To address the low attack detection rate and high false positive rate caused by the poor accuracy and robustness of extracted traffic features in network traffic anomaly detection, a network traffic anomaly detection method based on deep feature learning is proposed, combining Stacked Denoising Autoencoders (SDA) and softmax. First, a two-stage optimization algorithm based on particle swarm optimization is designed to optimize the SDA structure: the number of hidden layers and then the number of nodes in each layer are optimized in turn according to traffic detection accuracy, determining the optimal SDA structure in the search space and thereby improving the accuracy of the traffic features extracted by SDA. Second, the optimized SDA is trained with the mini-batch gradient descent algorithm, and robust traffic features are extracted by minimizing the difference between the reconstruction vector of the corrupted data and the original input vector. Finally, softmax is trained on the extracted traffic features to build an anomaly detection classifier that detects traffic attacks with high performance. The experimental results show that the proposed method can dynamically adjust the SDA structure according to the experimental data and its classification task, that the extracted traffic features are more accurate and robust, and that traffic attacks are detected with a high detection rate and a low false positive rate.
Key words: Traffic anomaly detection; Deep learning; Stacked Denoising Autoencoders (SDA); Particle Swarm Optimization (PSO)
Full-text PDF download:
https://jeit.ac.cn/article/exportPdf?id=8ea8646d-4feb-43cf-9f84-c4b15e63efa0