Abstract
As network attacks grow more complex, automated and intelligent, new attack types keep emerging, which poses a great challenge to signature-based attack detection and timely response. To identify abnormal traffic more effectively and accurately, a network traffic anomaly detection algorithm based on a multi-feature extraction autoencoder is proposed. The algorithm defines a custom autoencoder model based on multi-feature extraction, in which five different Encoder modules form the encoder and one Decoder module forms the decoder. The model extracts spatial and temporal features from the traffic at the same time, effectively avoids the degradation phenomenon, and effectively detects anomalous traffic. In addition, a custom SMOTE new-sample oversampling method is used to address data imbalance, and analysis of variance (ANOVA) is used for feature selection to optimize the data, reduce model complexity, greatly shorten detection time, and improve the real-time detection performance of the algorithm. Experimental results show that the proposed algorithm improves the accuracy of network traffic anomaly detection by 1% compared with the current best algorithm of the same kind, and reduces the detection time for a million traffic records by 4.22 s.
Authors
覃遵颖
王蔚炜
李国栋
崔靖茹
董凡
QIN Zunying; WANG Weiwei; LI Guodong; CUI Jingru; DONG Fan (Network Information Center, Xi'an Jiaotong University, Xi'an 710049, China; School of Software, Xi'an Jiaotong University, Xi'an 710049, China)
Source
《中国有线电视》
2023, Issue 12, pp. 13-19 (7 pages)
China Digital Cable TV
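Funding
National Natural Science Foundation of China (52106153)
Natural Science Foundation of Jiangsu Province (BK20210760)
China Postdoctoral Science Foundation, Special Funding (2020TQ0126)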
Keywords
deep learning
abnormal traffic detection
autoencoder
sparse sample enhancement
feature selection