摘要
入侵检测的难点之一是如何准确识别流量数据的异常特征。文中提出一个基于卷积神经网络(CNN)、双向长短期记忆网络(Bi-LSTM)和注意力(Attention)的时序流量异常检测模型,即BLAC。为提高BLAC模型的特征提取准确度,使用CNN提取流量数据中的空间特征,利用Bi-LSTM提取流量数据的完整时间特征,解决Attention难以对复杂时间序列数据位置信息进行编码的问题。通过对Attention权重的可视化分析,推测出异常在窗口中发生的时间点。使用雅虎的Webscope S5数据集进行对比试验,结果表明,BLAC模型的性能优于其他SOTA模型,其中关键指标召回率高达98.69%,表示二分类精确度的F1得分达到97.73%。
The traffic anomaly detection has always been an important research direction in cybersecurity. The main challenge of anomaly detection is how to recognize abnormal features hidden in traffic data accurately. A time-series network traffic anomaly detection model BLAC is proposed based on CNN(convolutional neural network),Bi-LSTM(Bidirectional longand short-term memory)and Attention. In order to improve the accuracy of feature extraction of BLAC model,CNN is used to extract local spatial features in traffic data,Bi-LSTM is used to extract the global time features in the traffic data,and then the extracted features are input into the Attention model to solve the problem that it is difficult for Attention to encode the location information of complex time-series data. The Webscope S5 data set is used for the comparison test. The results show that the performance of BLAC model is better than that of other SOTA models,and its recall rate of key indicators can reach 98.69%,indicating that the F1 score of secondary classification accuracy can reach 97.73%.
作者
李婧
周师严
LI Jing;ZHOU Shiyan(College of Computer Science and Technology,Shanghai University of Electric Power,Shanghai 201306,China)
出处
《现代电子技术》
2023年第4期91-96,共6页
Modern Electronics Technique
基金
国家自然科学基金资助项目(61872230)
国家自然科学基金资助项目(61572311)。
