Journal on Communications, 2022, Vol. 43, Issue (10): 65-76. doi: 10.11959/j.issn.1000-436x.2022195
Xueyuan DUAN, Yu FU, Kun WANG, Taotao LIU, Bin LI
Revised: 2022-09-27
Online: 2022-10-25
Published: 2022-10-01
Xueyuan DUAN, Yu FU, Kun WANG, Taotao LIU, Bin LI. Network traffic anomaly detection method based on multi-scale characteristic[J]. Journal on Communications, 2022, 43(10): 65-76.

Dataset | Data subset | Total samples | Normal samples | Abnormal samples | Features |
KDD99 | 10_percent_corrected | 494 021 | 97 278 | 396 743 | 41 |
KDD99 | corrected | 253 727 | 26 053 | 227 674 | 41 |
NSL-KDD | NSL-KDD-Train+ | 25 191 | 13 448 | 11 743 | 41 |
NSL-KDD | NSL-KDD-Test+ | 22 543 | 9 711 | 12 832 | 41 |
UNSW-NB15 | NB15_training-set | 82 332 | 37 000 | 45 332 | 49 |
UNSW-NB15 | NB15_testing-set | 175 341 | 56 000 | 119 341 | 49 |
CIC-IDS2018 | CIC-IDS2018-train | 198 675 | 142 822 | 55 853 | 79 |
CIC-IDS2018 | CIC-IDS2018-test | 132 425 | 95 215 | 37 210 | 79 |

Dataset | Data subset | Total samples | Normal samples | Abnormal samples |
KDD99 | Training set | 49 332 | 49 332 | — |
KDD99 | Validation set | 433 742 | 36 999 | 396 743 |
KDD99 | Test set | 264 672 | 36 998 | 227 674 |
NSL-KDD | Training set | 9 264 | 9 264 | — |
NSL-KDD | Validation set | 18 691 | 6 948 | 11 743 |
NSL-KDD | Test set | 19 780 | 6 948 | 12 832 |
UNSW-NB15 | Training set | 37 200 | 37 200 | — |
UNSW-NB15 | Validation set | 73 233 | 27 901 | 45 332 |
UNSW-NB15 | Test set | 147 241 | 27 900 | 119 341 |
CIC-IDS2018 | Training set | 95 215 | 95 215 | — |
CIC-IDS2018 | Validation set | 127 264 | 71 411 | 55 853 |
CIC-IDS2018 | Test set | 108 621 | 71 411 | 37 210 |

Model | Dataset | Precision | Recall | F1 score |
Tad-GAN | KDD99 | 0.788 5 | 0.778 6 | 0.783 5 |
Tad-GAN | NSL-KDD | 0.834 3 | 0.887 1 | 0.859 9 |
Tad-GAN | UNSW-NB15 | 0.868 1 | 0.899 1 | 0.883 3 |
Tad-GAN | CIC-IDS2018 | 0.838 9 | 0.822 1 | 0.830 4 |
Tad-GAN | Average | 0.832 5 | 0.846 7 | 0.839 3 |
DAGMM | KDD99 | 0.929 7 | 0.944 2 | 0.936 9 |
DAGMM | NSL-KDD | 0.864 2 | 0.855 3 | 0.859 7 |
DAGMM | UNSW-NB15 | 0.856 7 | 0.836 9 | 0.846 7 |
DAGMM | CIC-IDS2018 | 0.840 3 | 0.846 4 | 0.843 3 |
DAGMM | Average | 0.858 9 | 0.857 4 | 0.858 1 |
CBR-CNN | KDD99 | 0.847 9 | 0.823 7 | 0.835 6 |
CBR-CNN | NSL-KDD | 0.894 3 | 0.896 1 | 0.895 2 |
CBR-CNN | UNSW-NB15 | 0.888 9 | 0.902 3 | 0.895 5 |
CBR-CNN | CIC-IDS2018 | 0.778 4 | 0.800 8 | 0.789 4 |
CBR-CNN | Average | 0.852 4 | 0.855 7 | 0.854 0 |
MFC | KDD99 | 0.922 3 | 0.948 9 | 0.935 4 |
MFC | NSL-KDD | 0.946 1 | 0.950 6 | 0.948 3 |
MFC | UNSW-NB15 | 0.890 3 | 0.906 8 | 0.898 5 |
MFC | CIC-IDS2018 | 0.849 2 | 0.865 4 | 0.857 2 |
MFC | Average | 0.879 5 | 0.904 3 | 0.891 6 |