摘要
针对当前卷积和循环神经网络相结合的模型无法有效表征网络流量的问题,提出一种基于Tansformer的时序多模态融合特征的异常网络流量检测方法。首先,以会话为单位切分网络流量,将会话中流量记录的统计特征分组。其次,利用多模态注意力编码器计算特征分组的融合特征,进而利用注意力机制对一个会话的所有流量记录并行建模,挖掘流量记录的时序多模态融合特征。最后,利用全连接层和softmax层对该特征进行线性变换和概率计算。在CIC-ToN-IoT数据集上的实验结果表明该方法切实可行,相较于对比方法,在取得较高的准确率和精度的同时,保持了最低的误报率。
A transformer and sequential-multimodal fusion feature based network traffic anomaly detection method is proposed to solve the problem that methods based on convolutional neural networks and recurrent neural network cannot effectively characterize network traffic.First,the network traffic is segmented in units of sessions,and the characteristics of the traffic records are grouped in the sessions.Second,the multi-modal attention encoder is used to calculate the fusion features of feature groups,which is used to parallelly mine the sequential-multimodal fusion features of the traffic records by attention mechanism.Finally,the predicted probabilities of the sequential-multimodal fusion features are output by fully connected layer and the softmax layer.Experimental results on CIC-ToN-IoT dataset indicate that the proposed method is practical and feasible.Compared with the comparison method,it maintains the lowest false alarm rate while achieving higher accuracy and precision.
作者
唐永旺
刘会景
靳彦青
王刚
TANG Yongwang;LIU Huijing;JIN Yanqing;WANG Gang(Information Engineering University,Zhengzhou 450002,China;Urumqi Vocational University,Urumqi 830001,China)
出处
《信息工程大学学报》
2023年第4期468-474,共7页
Journal of Information Engineering University
关键词
深度学习
时序多模态融合特征
多模态编码器
注意力机制
异常流量
deep learning
sequential-multimodal fusion feature
multi-modal attention encoder
at-tention mechanism
anomaly network traffic
