基于二次特征提取和BiLSTM-Attention的网络流量异常检测方法

Anomaly Detection Method of Network Traffic Based on Secondary Feature Extraction and BiLSTM-Attention

针对传统的网络流量异常检测方法存在识别准确度低、表征能力弱、泛化能力差,忽略了特征之间的相互关系等问题,该文提出一种基于二次特征提取和BiLSTM-Attention的网络流量异常检测方法。通过使用双向长短期记忆网络(BiLSTM)学习数据之间的特征关系,完成数据的一次特征提取,在此基础上,定义一种基于注意力机制的特征重要性权重评估规则,依据特征重要性大小对BiLSTM生成的特征向量给予相应的权重,完成数据的二次特征提取。最后,提出一种“先总分后细分”的设计思想构建网络流量异常检测模型,实现多分类网络流量的异常检测。实验结果表明,该文所提方法在性能上要优于传统单一的模型,并且具有良好的表征能力和泛化能力。

Focusing on the problems of the traditional network traffic anomaly detection methods,such as low recognition accuracy,weak representation ability,poor generalization ability,and ignoring the relationship between features,a network traffic anomaly detection method based on quadratic feature extraction and BiLSTM-Attention is proposed.By using the Bidirectional Long Short-Term Memory network(BiLSTM)to learn the feature relationship between the data,the feature of the data is extracted,on this basis,a feature importance weight evaluation rule based on attention mechanism is defined,and the feature vector generated by BiLSTM is given corresponding weight according to the feature importance to complete the secondary feature extraction of data.Finally,a design idea of“total score first and then subdivision”is proposed to construct a network traffic anomaly detection model to implement anomaly detection of multi-classified network traffic.The experimental results show that the method proposed in this paper is better than the traditional single model in performance,and has good representation ability and generalization ability.