Abstract
Deep-learning-based network traffic anomaly detection models usually suffer from poor adaptability to real-world environments, limited representation ability and weak generalization ability. To address these problems, a network traffic anomaly detection model based on a multi-scale memory residual network is proposed. Based on an analysis of the high-dimensional feature space distribution, this paper demonstrates the validity of the network traffic data preprocessing method. Multi-scale one-dimensional convolution is combined with a long short-term memory network, and the representation ability of the model is improved through deep learning algorithms. Following the idea of the residual network, deep feature extraction is implemented while vanishing gradients, exploding gradients, over-fitting and network degradation are prevented and the convergence of the model is accelerated, so that network traffic anomaly detection is accurate and efficient. The visualization of the data preprocessing results shows that, after one-hot encoding, normalization separates normal traffic data from abnormal traffic data effectively, compared with standardization. The validity verification and performance evaluation experiments show that adding identity mapping accelerates the convergence of the model and effectively resolves the network degradation problem. The comparison experiments show that multi-scale one-dimensional convolution and the long short-term memory network improve the representation ability of the model and give it strong generalization ability, and that the proposed model achieves better performance metrics than some current deep learning models.
Authors
WANG Xin-tong (王馨彤)
WANG Xuan (王璇)
SUN Zhi-xin (孙知信)
WANG Xin-tong; WANG Xuan; SUN Zhi-xin (Post Big Data Technology and Application Engineering Research Center of Jiangsu Province, Nanjing University of Posts and Telecommunications, Nanjing 210023, China; Post Industry Technology Research and Development Center of the State Posts Bureau (Internet of Things Technology), Nanjing University of Posts and Telecommunications, Nanjing 210023, China; Key Lab of Broadband Wireless Communication and Sensor Network Technology, Ministry of Education, Nanjing University of Posts and Telecommunications, Nanjing 210023, China)
Source
Computer Science (《计算机科学》)
CSCD
Peking University Core Journals (北大核心)
2022, Issue 8, pp. 314-322, 9 pages in total
Funding
National Natural Science Foundation of China (61972208).
Keywords
Network traffic anomaly detection
Multi-scale memory residual network
Multi-scale one-dimensional convolution
Long short-term memory network
Residual network
Network intrusion detection