Journal on Communications ›› 2023, Vol. 44 ›› Issue (3): 66-80. doi: 10.11959/j.issn.1000-436x.2023066

• Academic Paper •

Blockchain network layer anomaly traffic detection method based on multiple classifier integration

Qianyi DAI1,2, Bin ZHANG1,2, Song GUO1, Kaiyong XU1

  1 Department of Cryptogram Engineering, Information Engineering University, Zhengzhou 450001, China
  2 Henan Province Key Laboratory of Information Security, Zhengzhou 450001, China
  • Revised: 2023-03-02 Online: 2023-03-25 Published: 2023-03-01
  • About the authors:
    Qianyi DAI (1994- ), male, born in Xi'an, Shaanxi, is a Ph.D. candidate at Information Engineering University. His main research interests include blockchain security, blockchain network layer traffic detection, blockchain system applications, and machine learning.
    Bin ZHANG (1969- ), male, born in Nanyang, Henan, Ph.D., is a professor and doctoral supervisor at Information Engineering University. His main research interest is information system security.
    Song GUO (1985- ), male, born in Baoding, Hebei, Ph.D., is a lecturer at Information Engineering University. His main research interest is information system security.
    Kaiyong XU (1963- ), male, born in Xinyang, Henan, is a research fellow at Information Engineering University. His main research interests include information security and trusted computing.
  • Supported by:
    The Open Fund Project of Information Assurance Technology Key Laboratory (KJ-15-109); The New Research Direction Cultivation Fund of Information Engineering University (2016604703); The Research Project of Information Engineering University (2019f3303)

Abstract:

To improve the perception of comprehensive, generalized features of mixed attack traffic on the blockchain network layer and to enhance anomalous traffic detection performance, a blockchain network layer anomaly traffic detection method based on multiple classifier integration was proposed, which supports a comprehensive judgement mechanism for anomalous data and has strong generalization capability. Firstly, to enlarge the difference between the input feature subsets of the base classifiers, a feature subset selection algorithm based on discrimination degree and redundant information was proposed; during feature screening, the output of high-discrimination subset terms was encouraged while the generation of redundant information was suppressed. Then, the stochastic variance reduction gradient algorithm was introduced into the Bagging ensemble algorithm to dynamically adjust the voting weight of each base model and improve the generalization capability in detecting mixed attack traffic. Finally, to map the low-dimensional numerical vector output by the ensemble algorithm to a high-dimensional space, a local outlier factor algorithm based on the data field concept (LBoF) was proposed, and the differences in the spatial density distribution of the sample data points were amplified based on the potential difference between data points to increase the recall rate of anomalous data point detection. The experimental results show that, in detecting multiple types of hybrid attack traffic on the blockchain network layer, the proposed method increases anomaly detection accuracy and recall rate by 1.57% and 2.71% on average, respectively, compared with methods based on single-classifier integration.

Key words: blockchain network layer, ensemble learning, machine learning, anomaly traffic detection
