Abnormal traffic detection method based on LSTM and improved residual neural network optimization

Cited by: 0
Authors
Ma W. [1 ]
Zhang Y. [1 ]
Guo J. [1 ]
Affiliation
[1] School of Information Science and Technology, Southwest Jiaotong University, Chengdu
Source
Funding
Fundamental Research Funds for the Central Universities; National Natural Science Foundation of China;
Keywords
Abnormal traffic detection; Data pooling layer; Dilated convolution; Improved residual neural network; LSTM;
DOI
10.11959/j.issn.1000-436x.2021109
Chinese Library Classification number
Subject classification number
Abstract
Problems such as difficulty in feature selection and poor generalization ability were prone to occur when traditional methods were used to detect abnormal network traffic. Therefore, an abnormal traffic detection method based on the long short-term memory network (LSTM) and improved residual neural network optimization was proposed. Firstly, the features and attributes of network traffic were analyzed, and the variability of the feature values was reduced by preprocessing the network traffic. Then, a three-layer stacked LSTM network was designed to extract network traffic features of different depths. Moreover, the problem of weak adaptability of feature extraction was solved. Finally, an improved residual neural network with skip connections was designed to optimize the LSTM. The defects of deep neural networks, such as overfitting and gradient vanishing, were mitigated. The accuracy of abnormal traffic detection was improved. Experimental results show that the proposed method has higher training accuracy and better visibility of data processing. The classification accuracy rates under two classifications and multiple classifications are 92.3% and 89.3%. It has the lowest false positive rate when the parameters such as precision rate and recall rate are optimal. Moreover, it has strong robustness when the sample is destroyed. Furthermore, better generalization ability can be achieved. © 2021, Editorial Board of Journal on Communications. All rights reserved.
Pages: 23 / 40
Page count: 17
Related papers
25 in total
  • [1] ZHANG D H, HU Y B, CAO G Y, Et al., Dataflow feature analysis for industrial networks communication security, Journal of Northwestern Polytechnical University, 38, 1, pp. 199-208, (2020)
  • [2] LI S F, YAN L S, GUO W, Et al., SD-SSDN: software-defined signal safety data network for high-speed railway systems, Journal of the China Railway Society, 40, 12, pp. 81-92, (2018)
  • [3] DING J W, SONG J Y, LIN S Y, Et al., Feasibility of train-ground safety data transmission for CTCS-3 train control system based on GPRS packet switching network, China Railway Science, 36, 3, pp. 119-126, (2015)
  • [4] LI S F, YAN L S, LI H Z, Et al., Analysis and testing of network security for China railway communication networks and proposed architecture based on trusted computing, Journal of Southwest Jiaotong University, 53, 6, pp. 1130-1136, (2018)
  • [5] ZHANG X, ZHAO J B, LECUN Y., Character-level convolutional networks for text classification, Advances in Neural Information Processing Systems, pp. 649-657, (2015)
  • [6] LU X H, ZHENG B, VELIVELLI A, Et al., Enhancing text categorization with semantic-enriched representation and training data augmentation, Journal of the American Medical Informatics Association, 13, 5, pp. 526-535, (2006)
  • [7] PARK S, KIM M, LEE S., Anomaly detection for HTTP using convolutional autoencoders, IEEE Access, 6, pp. 70884-70901, (2018)
  • [8] YU Y Q, LIU G, N YAN H B, Et al., Attention-based Bi-LSTM model for anomalous HTTP traffic detection, 2018 15th International Conference on Service Systems and Service Management, pp. 1-6, (2018)
  • [9] YANG W C, ZUO W, CUI B J., Detecting malicious URLs via a keyword-based convolutional gated-recurrent-unit neural network, IEEE Access, 7, pp. 29891-29900, (2019)
  • [10] CHORAS M, KOZIK R., Machine learning techniques applied to detect cyber attacks on web applications, Logic Journal of the IGPL, 23, 1, pp. 45-56, (2015)