Abnormal traffic detection method based on LSTM and improved residual neural network optimization

Cited by: 0
Authors
Ma W. [1]
Zhang Y. [1]
Guo J. [1]
Affiliation
[1] School of Information Science and Technology, Southwest Jiaotong University, Chengdu
Source
Funding
Fundamental Research Funds for the Central Universities; National Natural Science Foundation of China
Keywords
Abnormal traffic detection; Data pooling layer; Dilated convolution; Improved residual neural network; LSTM
DOI
10.11959/j.issn.1000-436x.2021109
Chinese Library Classification number
Subject classification number
Abstract
Traditional methods for detecting abnormal network traffic are prone to problems such as difficulty in feature selection and poor generalization ability. Therefore, an abnormal traffic detection method based on the long short-term memory network (LSTM) and improved residual neural network optimization was proposed. Firstly, the features and attributes of network traffic were analyzed, and the variability of the feature values was reduced by preprocessing the network traffic. Then, a three-layer stacked LSTM network was designed to extract network traffic features of different depths, which solved the problem of weak adaptability of feature extraction. Finally, an improved residual neural network with skip connections was designed to optimize the LSTM. Defects of deep neural networks such as overfitting and gradient vanishing were addressed, and the accuracy of abnormal traffic detection was improved. Experimental results show that the proposed method has higher training accuracy and better visibility of data processing. The classification accuracy rates for binary and multi-class classification are 92.3% and 89.3%, respectively. It has the lowest false positive rate when parameters such as precision rate and recall rate are optimal. Moreover, it has strong robustness when the sample is destroyed. Furthermore, better generalization ability can be achieved. © 2021, Editorial Board of Journal on Communications. All rights reserved.
Pages: 23 / 40
Page count: 17
Related papers
25 in total
  • [11] KRUEGEL C, VIGNA G., Anomaly detection of Web-based attacks, Proceedings of the 10th ACM conference on Computer and Communications security, pp. 251-261, (2003)
  • [12] CORONA I, TRONCI R, GIACINTO G., SuStorID: a multiple classifier system for the protection of Web services, Proceedings of the 21st International Conference on Pattern Recognition, pp. 2375-2378, (2012)
  • [13] RINGBERG H, SOULE A, REXFORD J, et al., Sensitivity of PCA for traffic anomaly detection, ACM SIGMETRICS Performance Evaluation Review, 35, 1, pp. 109-120, (2007)
  • [14] AL-OBEIDAT F, EL-ALFY E S M., Hybrid multicriteria fuzzy classification of network traffic patterns, anomalies, and protocols, Personal and Ubiquitous Computing, 23, 5, pp. 777-791, (2019)
  • [15] ERFANI S M, RAJASEGARAR S, KARUNASEKERA S, et al., High-dimensional and large-scale anomaly detection using a linear one-class SVM with deep learning, Pattern Recognition, 58, pp. 121-134, (2016)
  • [16] DU M, LI F F, ZHENG G N, et al., DeepLog: anomaly detection and diagnosis from system logs through deep learning, Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1285-1298, (2017)
  • [17] ZHANG M, LU S B, XU B Y., An anomaly detection method based on multi-models to detect web attacks, 2017 10th International Symposium on Computational Intelligence and Design, pp. 404-409, (2017)
  • [18] GAO N, GAO L, HE Y Y, et al., A lightweight intrusion detection model based on autoencoder network with feature reduction, Acta Electronica Sinica, 45, 3, pp. 730-739, (2017)
  • [19] ALRAWASHDEH K, PURDY C., Toward an online anomaly intrusion detection system based on deep learning, 2016 15th IEEE International Conference on Machine Learning and Applications, pp. 195-200, (2016)
  • [20] LI Y X, CHAI Y, HU Y Q, et al., Review of imbalanced data classification methods, Control and Decision, 34, 4, pp. 673-688, (2019)