动态生成Shapelet的网络流量异常检测
Network traffic anomaly detection with dynamic Shapelet generation
霍帅 1师智斌 1窦建民 1郝伟泽 1石琼1
作者信息
- 1. 中北大学计算机科学与技术学院,山西太原 030000
- 折叠
摘要
当前网络流量异常检测方法大多针对流量特征集构建检测算法,为充分利用网络流量本身数据信息,降低对人为构建特征集的依赖,采用原始网络流量数据,基于对抗性动态Shapelet网络(ADSN),动态学习Shapelet时序特征,提出一种单尺度输入的ADSN(S-ADSN)流量异常检测方法.将网络会话流中用于建立连接的数据转换为时间序列,基于S-ADSN对原始流量序列样本动态学习和生成Shapelet时序特征,计算Shapelet与流量序列之间的距离向量并通过分类器判断流量类别.实验结果表明,所提方法能够动态获取具有辨识性的流量时序特征,具有可解释性和早期检测性优点,实现较高的恶意流量检测精度.
Abstract
Most of the current network traffic anomaly detection methods construct detection algorithms for traffic feature sets.To make full use of the network traffic data information itself and reduce the dependence on artificially constructed feature sets,the original network traffic data was used,and based on the adversarial dynamic Shapelet network(ADSN),the dynamic lear-ning of Shapelet temporal features was used.A single-scale input ADSN(S-ADSN)traffic anomaly detection method was pro-posed.The data used to establish connections in the network session flow were converted into time series,the Shapelet timing features were dynamically learned and generated based on S-ADSN for the original traffic sequence samples,and the distance vec-tor between the Shapelet and the traffic sequence was computed and the traffic category was determined by a classifier.Experi-mental results show that the proposed detection method can dynamically obtain discriminative traffic timing features,has the advantages of interpretability and early detection,and it can realize high malicious traffic detection accuracy.
关键词
网络流量/异常检测/时间序列/时序特征/特征学习/卷积神经网络/生成对抗网络Key words
network traffic/anomaly detection/time series/time series characteristics/feature learning/convolutional neural network/generative adversarial network引用本文复制引用
基金项目
山西省自然科学基金(20210302123075)
山西省重点研发计划(201903D121166)
出版年
2024
NETL
NSTL
维普
万方数据