
Anomaly Traffic Detection Based on Deep Metric Learning

Identifying anomalous network traffic is one of the important tasks in cyber security today. However, traditional traffic classification models are trained on traffic data, and most traffic data are unevenly distributed, which leads to fuzzy classification boundaries and greatly limits the classification performance of the model. To solve these problems, this paper proposes an abnormal traffic detection method based on deep metric learning. First, unlike traditional deep metric learning algorithms that use a single proxy for each category, the paper designs a double-proxy mechanism in which a target proxy guides the optimization direction of an updateable proxy. This improves the efficiency of model training and strengthens the model's ability to aggregate traffic data of the same category and to separate traffic data of different categories, minimizing the intra-class distance and maximizing the inter-class distance. The classification boundaries of the data become clearer as a result, breaking the performance bottleneck of traditional traffic classification models. Second, the paper builds a neural network based on 1D-CNN and Bi-LSTM, which efficiently extracts traffic features from the spatial and temporal perspectives respectively. The experimental results show that, after NSL-KDD traffic data are processed by the model, the intra-class distance is significantly reduced and the inter-class distance is significantly increased: the intra-class distance decreases by 73.5% compared with the original intra-class distance, and the inter-class distance increases by 52.7% compared with the original inter-class distance. In addition, the neural network built in this paper trains in less time and gives better results than the deep residual network widely used for deep metric learning. When the proposed model is applied to the traffic classification task on the NSL-KDD and CICIDS2017 datasets, the classification performance is also significantly improved compared with traditional traffic classification algorithms.

deep metric learning; abnormal traffic detection; traffic data distribution; neural network

Zhang Qiang, He Junjiang, Li Wenshan, Li Tao


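School of Cyber Science and Engineering, Sichuan University, Chengdu 610065

School of Cybersecurity, Chengdu University of Information Technology, Chengdu 610225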


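National Natural Science Foundation of China; China Postdoctoral Science Foundation; Fundamental Research Funds for the Central Universities; Sichuan Province Youth Fund; Joint Innovation Fund of Sichuan University and Nuclear Power Institute of China

2020YFB1805400; 2020M683345; 2023SCU12127; 2023NSFSC1395; HG2022143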

2024

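Netinfo Security
Third Research Institute of the Ministry of Public Security; China Computer Federation Technical Committee on Computer Security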


CSTPCD; CHSSCD; Peking University Core Journals
Impact factor: 0.814
ISSN: 1671-1122
Year, volume (issue): 2024, 24(3)