摘要
基于流量异常发现网络中的攻击行为具有普适性优势,而传统的异常流量检测方法难以适应大量复杂的工业互联网流量特征提取,针对此问题提出一种基于时空融合深度学习的工业互联网异常流量检测方法。对类别不平衡的流量数据进行预处理操作,以形成样本分布较为均衡的流量数据集;使用融合聚合残差变换网络和门控循环单元的深度学习模型从空间和时间维度上提取流量数据特征,实现时空融合的流量数据特征的综合提取;通过Softmax分类器对流量数据进行分类。实验测试结果表明,所提方法具有较高的准确率和F1值,分别可达到94.7%和95.47%。与传统的异常流量检测方法相比,所提方法提高了对工业互联网异常流量数据的检测指标,且模型的运行时间相对较短。
There is a common advantage for discovering attack behavior in the network based on abnormal traffic.Since the traditional abnormal traffic detection methods are difficult to adapt to the extraction of a large number of complex industrial Internet traffic features,an abnormal traffic detection method for industrial Internet based on deep learning with time-space fusion is proposed.Firstly,the industrial Internet traffic data with unbalanced categories are preprocessed to form a traffic data set with balanced sample distribution.Then,a deep learning method combining aggregated residual transform network with gated recurrent unit is adopted to extract traffic data features from space and time dimensions,achieving comprehensive extraction of traffic data features with time-space fusion.Finally,the Softmax classifier is employed to classify the traffic data.Experimental test results show that the proposed method has higher accuracy and F1 value,which can reach 94.7%and 95.47%respectively.Compared with the traditional abnormal traffic detection method,the proposed method improves the detection index of industrial Internet abnormal traffic data and the running time of the model is relatively short.
作者
胡向东
张婷
HU Xiangdong;ZHANG Ting(School of Automation/School of Industrial Internet,Chongqing University of Posts and Communications,Chongqing 400065,P.R.China)
出处
《重庆邮电大学学报(自然科学版)》
CSCD
北大核心
2022年第6期1056-1064,共9页
Journal of Chongqing University of Posts and Telecommunications(Natural Science Edition)
基金
教育部-中国移动研究基金(MCM20150202)。
关键词
工业互联网
异常流量检测
时空融合
聚合残差变换网络
门控循环单元
industrial internet
abnormal traffic detection
time-space fusion
aggregated residual transform network
gated recurrent unit