Abstract
To address the problem that current RNN-based anomaly traffic detection methods cannot exploit global flow data packets in parallel to mine temporal features, a network traffic anomaly detection method based on spatial-temporal attention features is proposed. The original traffic is divided into network flows in units of sessions, and the data packets in each network flow are converted into grayscale images and normalized. A convolutional network layer extracts the spatial features of the data packets, and a multi-head self-attention mechanism then models the spatial features of all packets in the flow in parallel to compute a representation of the significant temporal correlations between packets. This feature representation is fed into a fully connected layer and a Softmax layer, which output the recognition probabilities that complete the detection. Experimental results on the UNSW-NB15 dataset indicate that the proposed method is practical and feasible. Compared with the comparison methods, it achieves higher accuracy and precision while maintaining the lowest false alarm rate.
Authors
孟献轲
张硕
熊诗
王波
Meng Xianke; Zhang Shuo; Xiong Shi; Wang Bo (The 28th Research Institute of China Electronics Technology Group Corporation, Nanjing 210000, Jiangsu, China; School of Information and Systems Engineering, PLA Information Engineering University, Zhengzhou 450002, Henan, China)
Source
《计算机应用与软件》
Peking University Core Journal
2023, Issue 4, pp. 99-106 (8 pages)
Computer Applications and Software
Keywords
Spatial-temporal attention feature
Convolutional neural network
Multi-head attention mechanism
Grayscale image
Anomaly network traffic