基于不平衡数据的物联网异常流量检测

Abnormal Traffic Detection in the Internet of Things Based on Imbalanced Data

为应对数据类别不平衡问题,导致物联网异常流量检测模型性能低下,提出一种基于不平衡数据的物联网异常流量检测方法.首先,采用基于马氏距离(Mahalanobis distance,MD)的K-means SMOTE-ENN算法生成无噪声的数据,以有效实现数据样本分布均衡.其次,针对异常流量检测模型性能低下,构建了卷积神经网络(convolutional neural network,CNN)和双向长短期记忆网络(bi-directional long short-term memory,BiLSTM)相结合的模型,提取异常流量的局部卷积特征以及关键特征.最后,通过全连接层和分类器进行分类.实验结果显示,相较于现有异常流量检测方法,所提出的方法在准确率、召回率、精确率和F1值等评价指标上均取得显著提升.该模型能够准确识别流量中的异常行为,准确率高达99.43%.

In order to deal with the problem of data category imbalance,which puts forward the low performance of the abnormal traffic detection model of the Internet of things,this paper proposes an abnormal traffic detection method based on category imbalance.Firstly,the K-means SMOTE-ENN algorithm based on MD(Mahalanobis distance)is used to generate noise-free data to effectively achieve balanced data sample distribution.Secondly,aiming at the low performance of the abnormal traffic detection model,a model combining the CNN(convolutional neural network)and the BiLSTM(Bi-directional long short-term memory)is constructed.By extracting the local convolution features and key features of abnormal traffic.Finally,classification is performed through the fully connected layer and Softmax classifier.Experimental results show that compared with existing abnormal traffic detection methods,the proposed method achieved significant improvements in evaluation indicators such as accuracy,recall,precision and F1 value.The model can accurately identify abnormal behaviors in traffic with an accuracy rate as high as 99.43%.