Abstract
To address the lack of explainability in existing network traffic anomaly detection models, this study proposes an explainable network traffic anomaly detection model that couples evolutionary sampling with deep decoding. First, evolutionary sampling learning is introduced to extract representative feature samples, on which a strongly explainable sample encoding process is built. Second, a coupled learning model is constructed from the explainable evolutionary sampling sample encoding process and the unexplainable deep neural network decoding process. Finally, anomaly detection is performed using the sample encoding results and reconstruction errors. Experimental comparison with existing methods on the NSL-KDD and CICIDS2017 datasets shows that the proposed method significantly improves model explainability and model scale efficiency, and achieves the same level of detection performance as the best existing methods. In addition, the proposed learning strategy may provide a highly distinctive technical reference for research on explainable machine learning methods.
Authors
孙俊
谢振平
王洪波
SUN Jun; XIE Zhenping; WANG Hongbo (School of Artificial Intelligence and Computer Science, Jiangnan University, Wuxi 214122, China; Jiangsu Key Laboratory of Media Design and Software Technology, Jiangnan University, Wuxi 214122, China; TRS Topwalk Information Technology Co., Ltd, Beijing 100089, China)
Source
《智能系统学报》
CSCD
Peking University Core Journals
2023, Issue 5, pp. 1070-1078 (9 pages)
CAAI Transactions on Intelligent Systems
Funding
National Natural Science Foundation of China (62272201, 61872166).
Keywords
machine learning
unsupervised learning
traffic anomaly detection
deep neural network
explainability
evolutionary sampling
deep encoding
autoencoder