An Anomaly Detection Method for Network Traffic of Servers #br# in Smart Grid Based on Deep Encoder-Decoder Neural Network

doi:10.3969/j.issn.1006-2475.2019.10.013

Abstract

Abstract: Traditonal network traffic anomaly detection is usually based on single original characteristic variable to judge the threshold value, or to judge the threshold value after the dimensionality reduction design statistics of multiple related variables.Although this kind of method is simple, it cannot cope with the nonlinear relationship between variables changing with time. In this paper, a deep neural network is designed for network traffic anomaly detection, which can dynamically identify the non-linear relationship between variables. Two layers of attention mechanism are introduced into Encoder-Decoder neural network, which improves the utilization of long-term historical information and realizes accurate estimation of the normal state of the network traffic. Based on the normal behavior of the estimated network traffic, the distribution of the residual error between the measured value and the estimated value is analyzed, the confidence interval is finally obtained and regarded as the control limit to distinguish abnormal behavior.

Key words: smart grid, network traffic anomaly detection, deep neural network, normal behavior model, confidence interval, control limit

CLC Number:

TP393.06

YANG Yong-jiao, TANG Liang-liang. An Anomaly Detection Method for Network Traffic of Servers #br# in Smart Grid Based on Deep Encoder-Decoder Neural Network[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2019.10.013.

References

［1］梅生伟,陈来军,陈颖. 智能电网信息安全及其对电力系统生存性影响初探［C］// 2010年分散式发电与智能电网技术研讨会论文集. 2010:74-78.
［2］ FAN B, WANG C, YANG Q M, et al. Performance guaranteed control of flywheel energy storage system for pulsed power load accommodation［J］. IEEE Transactions on Power Systems, 2018,33(4):3994-4004.
［3］陈来军,梅生伟,陈颖. 智能电网信息安全及其对电力系统生存性的影响［J］. 控制理论与应用, 2012,29(2):240-244.
［4］ YANG Q M, JAGANNATHAN S, SUN Y X. Robust integral of neural network and error sign control of MIMO nonlinear systems［J］. IEEE Transactions on Neural Networks and Learning Systems, 2015,26(12):3278-3286.
［5］杨青. 基于大数据分析的网络异常流量检测［J］. 机械设计与制造工程, 2018,47(11):79-82.
［6］付延友. DDoS异常检测的网络流量分析方法［J］. 中国新通信, 2018,20(8):66-67.
［7］王劲松,李军燕,张洪玮,等. 基于IPv6的大规模网络异常流量检测系统设计［J］. 计算机工程, 2018,44(10):14-21.
［8］许晓东,杨燕,李刚. 基于K-means聚类的网络流量异常检测［J］. 无线通信技术, 2013,22(4):21-26.
［9］吕军晖,周刚,金毅. 一种基于时间序列的自适应网络异常检测算法［J］. 北京航空航天大学学报, 2009,35(5):636-639.
［10］郑黎明,邹鹏,韩伟红,等. 基于多维熵值分类的骨干网流量异常检测研究［J］. 计算机研究与发展, 2012,49(9):1972-1981.
［11］YE X M, CHEN X S, WANG H Z, et al. An anomalous behavior detection model in cloud computing［J］. Tsinghua Science and Technology, 2016,21(3):322-332.
［12］陈兴蜀,江天宇,曾雪梅,等. 基于多维时间序列分析的网络异常检测［J］. 工程科学与技术, 2017,49(1):144-150.
［13］田嫱. 时间序列的相关性与相似性分析［D］. 北京:北京交通大学, 2016.
［14］陈胜,朱国胜,祁小云,等. 基于机器学习的网络异常流量检测研究［J］. 信息通信, 2017(12):39-42.
［15］CHO K, VAN MERRIE NBOER B, GULCEHRE C, et al. Learning phrase representations using RNN encoder-decoder for statistical machine translation［J/OL］. Computer Science, 2014, arXiv:1406.1078. ［2018-12-01］.https://arxiv.org/abs/1406.1078.
［16］李轶璋,王冼,段平,等. 基于历史与当前短时特征的异常流量检测［J］. 计算机工程, 2017,43(12):73-77.
［17］李秀龙. 基于网络流量监测与预测的用户流量行为分析方法研究［D］. 北京:北京工业大学, 2013.
［18］邱雪松,张珣,宋彦斌,等. 基于熵和线性关系的两级流量异常检测方法［J］. 北京邮电大学学报, 2018,41(4):56-62.
［19］曾建华. 一种基于核PCA的网络流量异常检测算法［J］. 计算机应用与软件, 2018,35(3):140-144.
［20］王伟. 基于深度学习的网络流量分类及异常检测方法研究［D］. 合肥:中国科学技术大学, 2018.
［21］张艳升,李喜旺,李丹,等. 基于卷积神经网络的工控网络异常流量检测［J/OL］. 计算机应用, ［2019-03-01］.http://www.joca.cn/CN/10.11722/j.issn.1001-9081.2018091928.
［22］WU Y, SCHUSTER M, CHEN Z, et al. Google’s neural machine translation system: Bridging the gap between human and machine translation［J/OL］. Computer Science，2016，arXiv:1609.08144. ［2018-12-01］. https://arxiv.org/abs/1609.08144.
［23］尚云艳,郭鹏江,夏志明. 自相关过程的EWMA残差控制图的设计与性能评价［J］. 统计与决策, 2018,34(17):174-176.

[1]	CHEN Zi-jian, DUAN Chun-hong. Automatic Epistemic Emotion Recognition Based on Facial Expression in E-learning [J]. Computer and Modernization, 2023, 0(10): 92-98.
[2]	CUI Shao-guo, ZHANG Gang, WANG Ao-di. Deep Cross Network Recommendation Model Based on Attention Perception [J]. Computer and Modernization, 2023, 0(07): 54-60.
[3]	BAI Kai-feng, ZHAO Hong-bin, ZHANG Yun, LI Yan, CUI Jing-an, LIU Qian-jin, YANG Hua, NI Na. Review of Abnormal Service Data Detection Methods in Power Grid [J]. Computer and Modernization, 2023, 0(03): 79-83.
[4]	ZHANG Yun, BAI Kai-feng, WANG Xing, CANG Tian, ZHOU Tong, DUAN Jin-wen, SU Han. Review of Electricity Theft Detection in Smart Grid Environment [J]. Computer and Modernization, 2023, 0(03): 60-65.
[5]	LU Yue, CAO Chun-ping. Microblog Rumor Detection Integrating User’s History and Dissemination Information [J]. Computer and Modernization, 2022, 0(06): 37-42.
[6]	ZHEN Chao, TIAN Yu, JI Kun, ZHANG Zheng-kai, HUANG Dao-you. Prediction of Gearbox Oil Temperature Based on FFT and DNN [J]. Computer and Modernization, 2022, 0(04): 17-20.
[7]	WANG Jian-hua, RAN Yu-kun. Eye-movement Tracking Based on Deep Neural Network for Portable Devices [J]. Computer and Modernization, 2021, 0(08): 58-63.
[8]	WU Hai-wei, WANG Xiao-zhong, ZHU Fa-shun, . A Scheduling Method of Smart Grid Based on Genetic Algorithm [J]. Computer and Modernization, 2020, 0(09): 122-126.
[9]	PENG Lu1, ZHU Jun2, ZOU Yun-feng2. Prediction of Power Customer Demands Based on Deep Neural Network [J]. Computer and Modernization, 2020, 0(05): 22-.
[10]	YANG Yong-jiao, XIAO Jian-yi, ZHAO Chuang-ye, ZHOU Kai-dong. An Anomaly Detection Algorithm for Smart Grid Time Series Data #br# Based on Combination of Isolation Forest and Random Forest [J]. Computer and Modernization, 2020, 0(03): 99-.
[11]	ZHANG Xue-xiang, LEI Ju-yang. Speaker Recognition Based on DNN and Pitch Period [J]. Computer and Modernization, 2020, 0(01): 122-.
[12]	Gengzang-Cuomao1,2, HUANG He-ming1,2. Application of Bidirectional Recurrent Neural Network in Speech Recognition [J]. Computer and Modernization, 2019, 0(10): 1-.
[13]	YANG Yong-jiao， QIU Yu， ZHAN Li-chao. An Anomaly Detection Approach on Servers Traffic in Smart #br# Grid Based on Breadth Learning Algorithm [J]. Computer and Modernization, 2019, 0(09): 77-.
[14]	LIU Zhi-yong1, WANG Hong-kai2, LI Gao-lei3, WU Jun3, SU Ya-ting1. A Dynamic Recognition System of Unknown Malicious Programs Based on Host Characteristics [J]. Computer and Modernization, 2016, 0(3): 105-110.
[15]	YIN Bo;CHEN Lu;CHEN Liang;WANG Yu-fei. Application of Information Security Key Technologies for Smart Grid in Sino-Singapore Tianjin Eco-city [J]. Computer and Modernization, 2013, 1(9): 186-189.