摘要
为减少异常流量检测技术中流量特征的信息冗余,对不同类型流量多层面进行特征提取,提出一种基于设备行为的异常流量检测技术,对流量数据进行深度学习特征提取,综合提取到的数据时序特征、流量统计特征、协议,得到能够表征设备行为的特征。利用引入注意力机制的长短期记忆网络(long short-term memory,LSTM)训练数据提取时序特征,利用卷积神经网络(convolutional neural network,CNN)模型训练由时序特征矢量、流量统计特征、协议组成的高维流量特征完成深层次特征提取。通过在开源入侵检测数据集上进行实验,验证了该方法的有效性以及准确性。
To reduce the information redundancy of traffic characteristics in abnormal traffic detection technology,multi-level feature extraction was carried out for different types of traffic.An abnormal traffic detection technology based on device behavior was proposed to extract the in-depth learning features of traffic data,synthesize the extracted data timing features,traffic statistical features and protocols,and obtain the features that characterized the device behavior.The long short-term memory(LSTM)based on attention mechanism training data was utilized to extract the time series features,and the convolutional neural network(CNN)model was utilized to train the high-dimensional traffic features composed of time series feature vector,traffic statistics feature and protocols to complete the deep feature extraction.Experiments on open source intrusion detection datasets show that the method is effective and accurate.
作者
辛昊光
苏思达
王田原
马垚
陈永乐
XIN Hao-guang;SU Si-da;WANG Tian-yuan;MA Yao;CHEN Yong-le(College of Information and Computer,Taiyuan University of Technology,Jinzhong 030600,China)
出处
《计算机工程与设计》
北大核心
2022年第12期3301-3307,共7页
Computer Engineering and Design
基金
山西省重点研发计划基金项目(201903D121121)。
