Abstract
Traditional network traffic anomaly detection usually applies a threshold to a single raw feature variable, or to a statistic designed after dimensionality reduction of multiple correlated variables. Although such methods are simple, they cannot cope with nonlinear relationships between variables that change over time. This paper designs a deep neural network for network traffic anomaly detection that can dynamically identify the nonlinear relationships between variables. Two layers of attention mechanism are introduced into an Encoder-Decoder neural network, which improves the use of long-term historical information and achieves accurate estimation of the normal state of network traffic. Based on the estimated normal behavior of the network traffic, the distribution of the residual between the measured and estimated values is analyzed, and a confidence interval is obtained and used as the control limit for distinguishing abnormal behavior.
Authors
杨永娇
唐亮亮
王哲
YANG Yong-jiao;TANG Liang-liang(Guangdong Power Information Technology Co. Ltd.,Guangzhou 510080,China)
Source
《计算机与现代化》 (Computer and Modernization)
2019, Issue 10, pp. 66-71 (6 pages)
Keywords
smart grid
network traffic anomaly detection
deep neural network
normal behavior model
confidence interval
control limit