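| Abstract: |
| Anomaly detection has become one of the key technologies for maintaining Internet of Things (IoT) security. Traffic from IoT devices differs from general Internet traffic and follows different communication patterns. Given the complexity of IoT infrastructure, machine-learning-based methods, which offer automated detection, strong adaptability to the environment and the ability to process large-scale data, have become the main approach to anomaly detection. However, existing machine-learning-based anomaly detection models commonly have two problems: first, they ignore the complex evolution characteristics of anomaly information and lack the ability to model the spatiotemporal dependencies of the information as a whole; second, noisy data and redundant features lead to heavy computation, unstable training and poor detection accuracy. To this end, this paper proposes an anomaly detection method based on dynamic traffic graphs using a Spatio-Temporal Graph Attention Network (STGAT). The concept of a dynamic traffic graph is introduced: network traffic data are built into dynamic graph snapshots that contain temporal correlations, and the spatiotemporal evolution patterns of network node traffic are analyzed. STGAT analyzes the traffic communication of network nodes from the perspective of the dynamic graph to detect anomalous nodes. In addition, an adaptive feature selection mechanism trained collaboratively with the detection model is proposed, which improves the stability of model training and the accuracy of detection by filtering out noise and redundant features. Experimental results on the UNSW-NB15, CICIDS-2017 and CICIDS-001 datasets show that, compared with traditional anomaly detection models, the proposed model achieves considerable improvements in performance metrics such as false alarm rate (FAR) and F1 score; moreover, the collaborative learning model adaptively selects the feature subset most closely related to the supervised task and detects IoT anomalies more accurately. |
| Keywords: trustworthy artificial intelligence; network security; graph neural networks; anomaly detection; adaptive feature selection |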
| DOI:10.19363/J.cnki.cn10-1380/tn.2025.09.11 |
| Received: 2023-06-28 Revised: 2024-03-19 |
| Funding: This work was supported by the National Natural Science Foundation of China (No: 62176036, No. 6177210). |
|
| IoT Anomaly Detection based on Spatiotemporal Graph Attention Network |
| SU Xianshi, YANG Liping, MA Runze, JIANG Tongbang, QU Tiange, LIU Hongbo |
| College of Artificial Intelligence, Dalian Maritime University, Dalian 116026, China |
| Abstract: |
| Anomaly detection technology has become one of the most essential technologies for maintaining the security of the Internet of Things (IoT). The traffic from IoT devices differs from typical internet traffic and follows distinct communication patterns. To deal with the complexity of IoT infrastructure, methods based on machine learning have become the primary approach to anomaly detection, owing to their capabilities in automated detection, strong environmental adaptability, and handling of large-scale data. However, existing machine learning-based anomaly detection models generally suffer from two issues. First, they ignore the complex evolution characteristics of anomaly information and therefore lack the capability to model spatiotemporal dependencies within the information. Second, the presence of noisy data and redundant features often causes problems such as heavy computation, unstable training and poor detection accuracy. To address these challenges, this paper proposes a Spatiotemporal Graph Attention Network (STGAT) anomaly detection method based on the Dynamic Traffic Graph (DTG). The method uses the concept of the DTG to construct, from network traffic data, dynamic graph snapshots that contain temporal correlation, and analyzes the spatiotemporal evolution pattern of network node traffic. STGAT is then used to analyze the traffic communication of network nodes from a dynamic graph perspective, achieving the detection of abnormal nodes. In addition, we propose an adaptive feature selection mechanism for collaborative detection model training to reduce noise and redundant features, which in turn improves the stability of model training and the accuracy of detection. The experimental results on three network security benchmark datasets, UNSW-NB15, CICIDS-2017, and CICIDS-001, show that compared to traditional anomaly detection models, our model has significant improvements in performance indicators such as False Alarm Rate (FAR) and F1 score. Moreover, the collaborative learning model adaptively filters out feature subsets that are most closely related to the supervisory task, thereby enabling more accurate detection of IoT anomalies. |
| Key words: trustworthy artificial intelligence; network security; graph neural networks; anomaly detection; adaptive feature selection |
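
The dynamic graph snapshots described in the abstract can be illustrated with the following added example, which is not the authors' code: it buckets flow records into fixed time windows, builds one directed graph per window, and derives a per-node feature sequence of the kind a spatiotemporal model would consume. The 10-second window, the three node features, the function names and the sample flows are all assumptions constructed here.

```python
from collections import defaultdict

# Constructed flow records (timestamp_s, src, dst, bytes); not taken from any dataset.
FLOWS = [
    (0, "cam1", "hub", 400), (3, "cam1", "hub", 420), (7, "lock1", "hub", 90),
    (12, "cam1", "hub", 410), (14, "lock1", "hub", 95),
    (21, "cam1", "hub", 405), (22, "lock1", "10.0.0.9", 9000),
    (23, "lock1", "10.0.0.7", 8800), (24, "lock1", "10.0.0.8", 9100),
]
WINDOW = 10  # seconds per snapshot (assumed value)

def build_snapshots(flows, window=WINDOW):
    """One directed graph per time window: (src, dst) -> [flow count, bytes]."""
    snaps = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for ts, src, dst, nbytes in flows:
        edge = snaps[ts // window][(src, dst)]
        edge[0] += 1
        edge[1] += nbytes
    last = max(snaps)
    # Windows with no traffic are kept as empty graphs so the time axis is regular.
    return [dict(snaps[t]) for t in range(last + 1)]

def node_features(snapshot):
    """Per-node vector for one snapshot: (distinct peers, flows sent, bytes sent)."""
    acc = defaultdict(lambda: [set(), 0, 0])
    for (src, dst), (count, nbytes) in snapshot.items():
        acc[src][0].add(dst)
        acc[src][1] += count
        acc[src][2] += nbytes
    return {node: (len(peers), c, b) for node, (peers, c, b) in acc.items()}

def node_sequences(flows, window=WINDOW):
    """Time-ordered feature sequence per sending node, zero-filled when silent."""
    per_snap = [node_features(s) for s in build_snapshots(flows, window)]
    nodes = sorted({n for feats in per_snap for n in feats})
    return {n: [feats.get(n, (0, 0, 0)) for feats in per_snap] for n in nodes}

if __name__ == "__main__":
    for node, seq in node_sequences(FLOWS).items():
        print(node, seq)
```

In the constructed data, `lock1` keeps a single peer for two windows and then fans out to three new peers with a large byte count, which is the kind of change over time that a per-window classifier without temporal context cannot see.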