Journal on Communications, 2021, Vol. 42, Issue (5): 23-40. doi: 10.11959/j.issn.1000-436x.2021109
Wengang MA, Yadong ZHANG, Jin GUO
Revised: 2021-04-12
Online: 2021-05-25
Published: 2021-05-01
Wengang MA, Yadong ZHANG, Jin GUO. Abnormal traffic detection method based on LSTM and improved residual neural network optimization[J]. Journal on Communications, 2021, 42(5): 23-40.
Method | Class | Precision | Recall | FPR | F-measure | AUC |
BP | Normal | 44.362% | 76.342% | 22.363% | 56.116% | 0.695 |
BP | Attack | 78.325% | 79.427% | 19.635% | 78.872% | 0.687 |
LR | Normal | 65.437% | 73.635% | 11.258% | 69.294% | 0.542 |
LR | Attack | 79.654% | 76.894% | 25.634% | 78.250% | 0.593 |
KNN | Normal | 75.724% | 69.358% | 9.365% | 72.401% | 0.753 |
KNN | Attack | 82.359% | 72.417% | 15.985% | 77.069% | 0.782 |
DT | Normal | 73.612% | 80.364% | 4.952% | 76.840% | 0.714 |
DT | Attack | 85.627% | 82.348% | 12.305% | 83.956% | 0.714 |
RF | Normal | 58.952% | 79.459% | 6.654% | 67.686% | 0.728 |
RF | Attack | 88.671% | 81.872% | 9.258% | 85.136% | 0.764 |
RDF | Normal | 68.425% | 82.328% | 5.369% | 74.736% | 0.792 |
RDF | Attack | 85.654% | 84.759% | 8.258% | 85.204% | 0.792 |
SVM | Normal | 52.872% | 79.125% | 18.675% | 63.388% | 0.826 |
SVM | Attack | 79.361% | 82.388% | 22.464% | 80.846% | 0.834 |
CNN2 | Normal | 70.821% | 85.696% | 3.254% | 77.552% | 0.865 |
CNN2 | Attack | 88.657% | 87.397% | 6.272% | 88.022% | 0.854 |
DNN2 | Normal | 74.258% | 86.965% | 2.359% | 80.111% | 0.756 |
DNN2 | Attack | 87.696% | 88.564% | 4.872% | 88.128% | 0.793 |
DBN | Normal | 80.920% | 89.781% | 3.695% | 85.121% | 0.899 |
DBN | Attack | 89.471% | 96.265% | 4.259% | 92.744% | 0.863 |
LSTM | Normal | 81.586% | 89.820% | 2.215% | 85.505% | 0.798 |
LSTM | Attack | 89.214% | 91.652% | 3.269% | 90.417% | 0.779 |
Proposed method | Normal | 87.932% | 93.587% | 1.454% | 90.671% | 0.893 |
Proposed method | Attack | 93.625% | 95.634% | 2.651% | 94.619% | 0.883 |
Method | Validation set: Precision | Validation set: Recall | Validation set: FPR | Validation set: F-measure | Validation set: AUC | Test set: Precision | Test set: Recall | Test set: FPR | Test set: F-measure | Test set: AUC |
Reference [ | 89.34% | 87.58% | 6.96% | 88.45% | 0.885 | 86.12% | 85.48% | 7.43% | 85.80% | 0.871 |
Reference [ | 85.68% | 84.63% | 5.27% | 85.15% | 0.876 | 83.47% | 84.02% | 6.84% | 83.74% | 0.852 |
Reference [ | 92.41% | 91.27% | 4.65% | 91.84% | 0.913 | 89.68% | 88.79% | 5.02% | 89.23% | 0.897 |
Reference [ | 94.57% | 93.81% | 2.58% | 94.18% | 0.934 | 91.59% | 92.36% | 3.36% | 91.98% | 0.911 |
Proposed method | 94.09% | 94.19% | 2.86% | 94.14% | 0.946 | 92.73% | 93.28% | 2.41% | 93.01% | 0.928 |
Method | Accuracy (0.15) | Accuracy (0.25) | Accuracy (0.35) | Training time/s | Test time/s |
CNN2 | 81.971% | 75.356% | 71.642% | 43.151 | 6.347 |
DNN2 | 83.594% | 81.277% | 79.706% | 36.273 | 7.652 |
DBN | 85.383% | 82.922% | 80.525% | 39.482 | 8.526 |
LSTM | 87.259% | 85.934% | 83.807% | 27.496 | 4.258 |
Reference [ | 85.417% | 80.336% | 79.634% | 33.429 | 7.413 |
Reference [ | 84.264% | 81.228% | 80.217% | 35.472 | 7.231 |
Reference [ | 87.678% | 84.364% | 81.369% | 28.553 | 4.209 |
Reference [ | 88.692% | 85.697% | 84.442% | 30.664 | 5.214 |
Proposed method | 89.686% | 89.326% | 88.985% | 29.147 | 4.384 |
[1] ZHANG D H, HU Y B, CAO G Y, et al. Dataflow feature analysis for industrial networks communication security[J]. Journal of Northwestern Polytechnical University, 2020, 38(1): 199-208.
[2] LI S F, YAN L S, GUO W, et al. SD-SSDN: software-defined signal safety data network for high-speed railway systems[J]. Journal of the China Railway Society, 2018, 40(12): 81-92.
[3] DING J W, SONG J Y, LIN S Y, et al. Feasibility of train-ground safety data transmission for CTCS-3 train control system based on GPRS packet switching network[J]. China Railway Science, 2015, 36(3): 119-126.
[4] LI S F, YAN L S, LI H Z, et al. Analysis and testing of network security for China railway communication networks and proposed architecture based on trusted computing[J]. Journal of Southwest Jiaotong University, 2018, 53(6): 1130-1136, 1149.
[5] ZHANG X, ZHAO J B, LECUN Y. Character-level convolutional networks for text classification[C]// Advances in Neural Information Processing Systems. Massachusetts: MIT Press, 2015: 649-657.
[6] LU X H, ZHENG B, VELIVELLI A, et al. Enhancing text categorization with semantic-enriched representation and training data augmentation[J]. Journal of the American Medical Informatics Association, 2006, 13(5): 526-535.
[7] PARK S, KIM M, LEE S. Anomaly detection for HTTP using convolutional autoencoders[J]. IEEE Access, 2018, 6: 70884-70901.
[8] YU Y Q, LIU G N, YAN H B, et al. Attention-based Bi-LSTM model for anomalous HTTP traffic detection[C]// 2018 15th International Conference on Service Systems and Service Management. Piscataway: IEEE Press, 2018: 1-6.
[9] YANG W C, ZUO W, CUI B J. Detecting malicious URLs via a keyword-based convolutional gated-recurrent-unit neural network[J]. IEEE Access, 2019, 7: 29891-29900.
[10] CHORAŚ M, KOZIK R. Machine learning techniques applied to detect cyber attacks on web applications[J]. Logic Journal of the IGPL, 2015, 23(1): 45-56.
[11] KRUEGEL C, VIGNA G. Anomaly detection of Web-based attacks[C]// Proceedings of the 10th ACM conference on Computer and Communications security. New York: ACM Press, 2003: 251-261.
[12] CORONA I, TRONCI R, GIACINTO G. SuStorID: a multiple classifier system for the protection of Web services[C]// Proceedings of the 21st International Conference on Pattern Recognition. Piscataway: IEEE Press, 2012: 2375-2378.
[13] RINGBERG H, SOULE A, REXFORD J, et al. Sensitivity of PCA for traffic anomaly detection[C]// ACM SIGMETRICS Performance Evaluation Review. New York: ACM Press, 2007, 35(1): 109-120.
[14] AL-OBEIDAT F, EL-ALFY E S M. Hybrid multicriteria fuzzy classification of network traffic patterns, anomalies, and protocols[J]. Personal and Ubiquitous Computing, 2019, 23(5/6): 777-791.
[15] ERFANI S M, RAJASEGARAR S, KARUNASEKERA S, et al. High-dimensional and large-scale anomaly detection using a linear one-class SVM with deep learning[J]. Pattern Recognition, 2016, 58: 121-134.
[16] DU M, LI F F, ZHENG G N, et al. DeepLog: anomaly detection and diagnosis from system logs through deep learning[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM Press, 2017: 1285-1298.
[17] ZHANG M, LU S B, XU B Y. An anomaly detection method based on multi-models to detect web attacks[C]// 2017 10th International Symposium on Computational Intelligence and Design. Piscataway: IEEE Press, 2017: 404-409.
[18] GAO N, GAO L, HE Y Y, et al. A lightweight intrusion detection model based on autoencoder network with feature reduction[J]. Acta Electronica Sinica, 2017, 45(3): 730-739.
[19] ALRAWASHDEH K, PURDY C. Toward an online anomaly intrusion detection system based on deep learning[C]// 2016 15th IEEE International Conference on Machine Learning and Applications. Piscataway: IEEE Press, 2016: 195-200.
[20] LI Y X, CHAI Y, HU Y Q, et al. Review of imbalanced data classification methods[J]. Control and Decision, 2019, 34(4): 673-688.
[21] CHEN J T, XIANG Y. Survey of unstable gradients in deep neural network training[J]. Journal of Software, 2018, 29(7): 2071-2091.
[22] DAS T K, ADEPU S, ZHOU J Y. Anomaly detection in industrial control systems using logical analysis of data[J]. Computers & Security, 2020, 96: 101935.
[23] SONG Y, HOU B N, CAI Z P. Network intrusion detection method based on deep learning feature extraction[J]. Journal of Huazhong University of Science and Technology (Natural Science Edition), 2021, 49(2): 115-120.
[24] ZHANG X L, YIN S L. Intrusion detection model of random attention capsule network based on variable fusion[J]. Journal on Communications, 2020, 41(11): 160-168.
[25] YANG J, LIANG G, LI B B, et al. A deep-learning- and reinforcement-learning-based system for encrypted network malicious traffic detection[J]. Electronics Letters, 2021, 57(9): 363-365.