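Abstract
With cyber attack techniques becoming increasingly sophisticated and diverse, traditional security defenses struggle to accurately identify malicious traffic. To address common problems in malicious traffic detection, such as numerous ineffective features, data imbalance, and increasingly complex attack techniques, this paper develops a relatively efficient detection method. First, the paper proposes a data cleaning and balancing method that improves the quality and effectiveness of traffic feature data. Then, the paper combines a simple recurrent neural network (RNN) with a multi-head attention mechanism, enabling the detection model to process sequence data more precisely, to effectively capture and identify various kinds of information and their dependencies, and to substantially improve the accuracy of feature extraction. Finally, the paper draws on the strengths of ensemble learning, deep learning, and machine learning so that the detection model can learn efficiently from limited samples and quickly adapt to different network characteristics. Experimental results show that the method achieves good detection performance on multiple public datasets.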
With the increasing sophistication and diversification of cyber attack methods, traditional security defenses face a significant challenge in accurately identifying malicious traffic. This study addresses common issues in malicious traffic detection, such as numerous ineffective features, data imbalance, and the complexity of attack methods, by developing an efficient detection method. The main contributions are as follows. Firstly, this paper proposes a data cleansing and balancing technique to effectively enhance the quality of traffic feature data. Secondly, the innovatively proposed combination of a simple recurrent neural network with a multi-head attention mechanism enables the detection model to precisely handle sequential data and to effectively capture and identify various types of information and their dependencies, thereby significantly improving the accuracy of feature extraction. Finally, the advantages of ensemble learning, deep learning, and machine learning are leveraged to enable the detection model to efficiently learn from limited samples and quickly adapt to different network characteristics. Through experimental validation, this method demonstrates prominent detection performance on multiple public datasets.
Authors
屠晓涵
张传浩
刘孟然
TU Xiaohan; ZHANG Chuanhao; LIU Mengran (Department of Cybersecurity and Smart Police, Zhengzhou Police University, Zhengzhou 450053, China; Tianjin Public Security Division, Beijing Railway Public Security Bureau, Tianjin 300100, China)
Source
《信息网络安全》
CSCD
Peking University Core Journal
2024, Issue 4, pp. 520-533 (14 pages)
Netinfo Security
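Funding
Fundamental Research Funds for the Central Universities [2022TJJBKY002, 2023TJJBKY012, 2022TJJBKY009]
Henan Province Key Research and Development and Promotion Special Project [222102210302, 232102210022]
Key Scientific Research Project of Higher Education Institutions of Henan Province [23A520042].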
Keywords
malicious traffic detection
RNN
feature extraction
ensemble learning