- Yin Zinuo, Ma Hailong, Hu Tao. A Traffic Anomaly Detection Method Based on the Combination of DAE and GRU[J]. Journal of Cyber Security, 2023, 8(2): 11-27
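|Traffic anomaly detection can effectively identify attack behavior in network traffic data and is an important means of network security protection. In recent years, deep learning has been widely applied to traffic anomaly detection, but existing deep learning models have two problems in this task: first, noise in the data leads to poor detection robustness and low accuracy; second, high feature dimensionality and a large number of model parameters make training and detection slow. To improve detection speed and accuracy while reducing the impact of noise in traffic data, this paper proposes a traffic anomaly detection method based on the combination of a Denoising Auto Encoder (DAE) and a Gated Recurrent Unit (GRU). First, a DAE-based traffic feature extraction algorithm is designed; the DAE is trained with the mini-batch gradient descent algorithm, and by minimizing the difference between the reconstruction vector of the noisy data and the original input vector, traffic features with strong robustness are effectively extracted and the feature dimension is reduced. Then a GRU-based anomaly detection algorithm is designed; the extracted low-dimensional traffic feature data is used to train the GRU, building an anomalous-traffic classifier that accurately detects attack traffic. Finally, experimental results on the NSL-KDD, UNSW-NB15 and CICIDS2017 datasets show that, compared with other machine learning and deep learning methods, the proposed method improves detection accuracy by up to 18.71%. The method also achieves high precision, recall and detection efficiency together with a low false positive rate, and it shows strong detection robustness when the data is corrupted by noise.
|Keywords: traffic anomaly detection; deep learning; denoising autoencoder; gated recurrent unit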
|A Traffic Anomaly Detection Method Based on the Combination of DAE and GRU
|Traffic anomaly detection can effectively identify attack behaviors in network traffic data, so it is an important means of network security protection. In recent years, deep learning technology has been widely used in the field of traffic anomaly detection. The existing traffic anomaly detection methods based on deep learning models have two problems: one is poor robustness and low detection accuracy, which results from the data being affected by noise; the other is low efficiency, which is due to the high dimensionality of the data features and the large number of model parameters. To improve detection speed and accuracy while reducing the impact of noise on traffic data, this paper proposes a traffic anomaly detection method based on the combination of a Denoising Auto Encoder (DAE) and a Gated Recurrent Unit (GRU). First, we design a traffic feature extraction algorithm based on DAE and use the Mini-Batch Gradient Descent (MSGD) algorithm to train the DAE. By minimizing the difference between the reconstructed vector of the noisy traffic data and the original input vector, traffic features with strong robustness are effectively extracted and the dimension of the features is reduced. Then, an anomaly detection algorithm based on GRU is designed. The extracted low-dimensional traffic feature data is used to train the GRU, constructing an abnormal traffic classifier that accurately detects attack traffic. Finally, we carried out anomaly detection experiments on the NSL-KDD, UNSW-NB15, and CICIDS2017 datasets. The experimental results show that, compared with other machine learning and deep learning methods, the proposed method improves detection accuracy by up to 18.71%. At the same time, the proposed method achieves higher precision, recall and detection efficiency with a lower false positive rate. When the traffic data is corrupted by noise, it retains strong detection robustness.
|Key words: traffic anomaly detection; deep learning; denoising autoencoder; gated recurrent unit
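The DAE feature-extraction step described in the abstract, as an added Python sketch (not the authors' code): the input is corrupted with noise, the reconstruction is compared with the clean input, and the weights are updated by mini-batch gradient descent. The network size, noise level, learning rate and the constructed six-feature data are assumptions, and the GRU classifier that would consume `encode()` output is left out.

```python
import math
import random

def make_flows(n, rng):
    """Constructed sample data: 6 correlated 'flow features' from 2 latent factors."""
    return [[a, b, 0.5 * (a + b), 0.8 * a + 0.1, 1 - b, 0.5 * (a + 1 - b)]
            for a, b in ((rng.random(), rng.random()) for _ in range(n))]

class DAE:
    def __init__(self, n_in, n_hid, rng):
        self.W1 = [[rng.uniform(-0.5, 0.5) for _ in range(n_in)] for _ in range(n_hid)]
        self.W2 = [[rng.uniform(-0.5, 0.5) for _ in range(n_hid)] for _ in range(n_in)]
        self.b1, self.b2 = [0.0] * n_hid, [0.0] * n_in
    def encode(self, x):  # low-dimensional features (input to a downstream classifier)
        return [1 / (1 + math.exp(-(sum(w * v for w, v in zip(r, x)) + b)))
                for r, b in zip(self.W1, self.b1)]
    def decode(self, h):  # linear reconstruction of the input vector
        return [sum(w * v for w, v in zip(r, h)) + b for r, b in zip(self.W2, self.b2)]
    def step(self, batch, sigma, lr, rng):  # one mini-batch gradient-descent update
        cache = []
        for x in batch:
            xn = [v + rng.gauss(0, sigma) for v in x]          # corrupt the input
            h = self.encode(xn)
            dy = [y - v for y, v in zip(self.decode(h), x)]    # error vs the CLEAN input
            dh = [sum(dy[i] * self.W2[i][j] for i in range(len(dy))) * h[j] * (1 - h[j])
                  for j in range(len(h))]
            cache.append((xn, h, dy, dh))
        s = lr / len(batch)                                    # average over the batch
        for xn, h, dy, dh in cache:
            for i, d in enumerate(dy):
                self.b2[i] -= s * d
                self.W2[i] = [w - s * d * hj for w, hj in zip(self.W2[i], h)]
            for j, d in enumerate(dh):
                self.b1[j] -= s * d
                self.W1[j] = [w - s * d * xk for w, xk in zip(self.W1[j], xn)]

def recon_mse(model, X, sigma, rng):  # MSE of reconstruction-from-noisy vs clean input
    err = [(y - v) ** 2 for x in X for y, v in
           zip(model.decode(model.encode([t + rng.gauss(0, sigma) for t in x])), x)]
    return sum(err) / len(err)

def train(X, n_hid=2, sigma=0.1, lr=0.3, epochs=100, batch=20, seed=1):
    rng = random.Random(seed)
    model = DAE(len(X[0]), n_hid, rng)
    before = recon_mse(model, X, sigma, rng)
    for _ in range(epochs):
        data = rng.sample(X, len(X))                           # reshuffle each epoch
        for k in range(0, len(data), batch):
            model.step(data[k:k + batch], sigma, lr, rng)
    return model, before, recon_mse(model, X, sigma, rng)
```

`train(make_flows(200, random.Random(0)))` returns the trained model together with the reconstruction error before and after training; `model.encode(x)` yields the 2-dimensional feature vector for a 6-feature record.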