Anomaly Detection of Network Traffic Based on Autoencoder

doi:10.3969/j.issn.1006-2475.2024.12.006

Abstract

Abstract: In the face of increasingly complex network traffic and data structures with increasing dimensions， the existing traffic anomaly detection schemes have problems such as high false positive rate， low efficiency and poor practicability. To solve these problems， an autoencoder based network traffic anomaly detection model is proposed. Firstly， the model extracts the features of network traffic based on random forest algorithm and selects the optimal collection， and divides the feature vector set into several subsets by hierarchical clustering algorithm to reduce the feature dimension. Then the feature subset is processed in parallel by the autoencoder and the RMSE value is calculated. The maximum average RMSE value of multiple experiments is defined as the normal flow threshold. The average RMSE value and threshold of the test data are used to determine the abnormal traffic. The experimental results show that the recall rate of this model is 4.3 percentage points higher than that of the traditional anomaly detection method， and the running time is reduced by about 37%.

Key words: anomaly detection, autoencoder, hierarchical clustering, random forest algorithm

CLC Number:

TP393

LYU Meijing1, NIAN Mei1, ZHANG Jun1, 2, FU Lusen1. Anomaly Detection of Network Traffic Based on Autoencoder [J]. Computer and Modernization, 2024, 0(12): 40-44.

References

［1］王航. 基于半监督的恶意流量识别深度学习方法研究与实现［D］. 南京：南京邮电大学， 2021.
［2］苏永才. 基于时空图神经网络的网络异常检测与流量分类［D］. 南京：东南大学， 2021.
［3］黄超. 基于深度学习的网络流量异常检测研究［D］. 上海：华东师范大学， 2022.
［4］ CHAKRABARTY B， CHANDA O， ISLAM S. Anomaly based intrusion detection system using genetic algorithm and K-centroid clustering［J］. International Journal of Computer Applications， 2017，163（11）：13-17.
［5］倪谢俊. 基于数据挖掘的异常流量检测技术［D］. 上海：华东师范大学， 2016.
［6］ LANDRESS A D. A hybrid approach to reducing the false positive rate in unsupervised machine learning intrusion detection［C］// Southeastcon. IEEE， 2016. DOI:10.1109/SEC-
ON.2016.7506773.
［7］ CUI B J， HE S S， JIN H F. Multi-layer anomaly detection for internet traffic based on data mining［C］// 2015 9th International Conference on Innovative Mobile & Internet Services in Ubiquitous Computing. IEEE， 2015：277-282.
［8］翟圣杰. 基于机器学习的网络流量异常检测方法研究［D］. 成都：电子科技大学， 2023.
［9］陈戈. 基于机器学习的网络异常流量检测方法研究［D］.沈阳：沈阳理工大学， 2023.
［10］李腾. SDN中基于机器学习的网络流量分类研究［D］. 青岛：青岛理工大学， 2023.
［11］张芷有. 基于数据挖掘的入侵检测方法的研究［D］. 南京：南京邮电大学， 2020.
［12］靳梦晓. 基于软件定义网络的网络异常流量检测算法研究［D］. 南京：南京邮电大学， 2020.
［13］ CHOI H， KIM M， LEE G， et al. Unsupervised learning approach for network intrusion detection system using autoencoders［J］. The Journal of Supercomputing，2019，75（9）：5597-5621.
［14］ PU G， WANG L J， SHEN J， et al. A hybrid unsupervised clustering-based anomaly detection method［J］.Tsinghua Science and Technology， 2021，26（2）：146-153.
［15］ MIRSKY Y， DOITSHMAN T， ELOVICI Y， et al. Kitsune： An ensemble of autoencoders for online network intrusion detection［J］. arXiv preprint arXiv：1802.09089， 2018.
［16］ SHONE N， NGOC T N， PHAI V D， et al. A deep learning approach to network intrusion detection［J］. IEEE Transactions on Emerging Topics in Computational Intelligence， 2018，2（1）：41-50.
［17］ PREETHI D， KHARE N. Sparse auto encoder driven support vector regression based deep learning model for predicting network intrusions［J］. Peer-to-Peer Networking and Applications， 2021，14（4）：2419-2429.
［18］ LEE J， PAK J G， LEE M. Network intrusion detection system using feature extraction based on deep sparse autoencoder［C］// 2020 International Conference on Information and Communication Technology Convergence （ICTC）. IEEE， 2020：1282-1287.
［19］高妮，高岭，贺毅岳，等. 基于自编码网络特征降维的轻量级入侵检测模型［J］. 电子学报， 2017，45（3）：730-739.
［20］ YU Y， LONG J， CAI Z P. Network intrusion detection through stacking dilated convolutional autoencoders［J］. Security and Communication. Networks， 2017，2017（1）. DOI： 10.1155/2017/4184196.
［21］王涛. 基于自编码器与生成对抗网络的网络入侵检测研究［D］. 南宁：广西民族大学， 2023.
［22］吴佩. 基于混合马尔科夫树模型的ICS异常检测方法研究［D］. 合肥：合肥工业大学， 2018.
［23］潘成胜，李志祥，杨雯升，等. 基于二次特征提取和BiLSTM-Attention的网络流量异常检测方法［J］. 电子与信息学报，2023，45（12）：4539-4547.
［24］黄奇文，李丽颖，沈富可，等. 基于集成特征选择的网络异常流量检测［J］. 华东师范大学学报（自然科学版）， 2021（6）：100-111.
［25］ MICHELUCCI U. An introduction to autoencoders［J］. arXiv preprint arXiv：2201.03898， 2022.
［26］ BREIMAN L. Random forests［J］. Machine learning， 2001，45（1）：5-32.
［27］ SHARAFALDIN I， LASHKARI A H， GHORBANI A A. Toward generating a new intrusion detection dataset and intrusion traffic characterization［C］// 4th International Conference on Information Systems Security and Privacy （ICISSP）， Portugal， January 2018.
［28］熊露露，年梅，张俊. 非平衡数据集下的高职学生就业预测模型［J］. 计算机与数字工程， 2023，51（3）：675-678.
［29］郁滨，熊俊. 基于平衡迭代规约层次聚类的无线传感器网络流量异常检测方案［J］. 电子与信息学报， 2022，44（1）：305-313.
［30］ ZONG B， SONG Q， MIN M R Q， et al. Deep autoencoding Gaussian mixture model for unsupervised anomaly detection［C］// 2018 International Conference on Learning Representations. 2018.
［31］王金元，王宇，张亚松，等. 基于Hadoop的分布式财务异常数据分析系统设计［J］. 信息技术， 2022（1）：21-25.
［32］岳欣. 相似性特征识别的网络流量异常检测技术研究［D］. 天津：天津理工大学， 2021.

[1]	YANG Jun1, HU Wei1, ZHU Wenfu2. Visual SLAM Loop Closure Detection Algorithm Based on Improved MobileNetV3 [J]. Computer and Modernization, 2024, 0(10): 21-26.
[2]	XUE Hao, MA Jing, GUO Xiaoyu. Water Supply Pipeline Burr Data Detection Based on Improved LightGBM by Focal Loss [J]. Computer and Modernization, 2024, 0(09): 74-81.
[3]	MA Cai-sha, JIAO Li-nan, LIU You-quan, LI Xin. Anomalous Behavior Detection Network Based on Dilated Convolution and Fused Temporal#br# Features [J]. Computer and Modernization, 2024, 0(02): 75-80.
[4]	TANG Shi-qi, ZHOU Rui-ping, XIE Shi-bin, LIU Meng-chi, XIAO Wen, . Cross-language Multi-label Sentiment Classification Based on Stacked Denoising AutoEncoder [J]. Computer and Modernization, 2023, 0(11): 6-12.
[5]	Denoising Autoencoders. Cross-project Software Defect Number Prediction Method Based on Stacked [J]. Computer and Modernization, 2023, 0(04): 32-38.
[6]	LU Xiao-min, LIU Fan, CAI Li-hua, LI Xue-ding, XU Xiao. Ensemble Stacked Autoencoders and XGBoost Based Deep Learning Model for Significant Wave Height Forecasting [J]. Computer and Modernization, 2021, 0(04): 32-36.
[7]	WANG Wei1,2. Intelligent Text Classification Method Based on VAE-DBN Dual-Model [J]. Computer and Modernization, 2018, 0(12): 77-.
[8]	WU Ling-mei, LU Jian-bo, LIU Chun-xia. A Recommendation Algorithm Based on Denoising Autoencoders [J]. Computer and Modernization, 2018, 0(03): 78-.
[9]	GAN Lu, ZANG Lie, LI Hang. Software Defect Prediction Model Based on DA-SVM [J]. Computer and Modernization, 2017, 0(2): 36-39+44.
[10]	NIU Yu-hu. Convolutional Sparse Autoencoder Neural Networks [J]. Computer and Modernization, 2017, 0(2): 22-29+35.
[11]	XIE Lin-quan1, LIANG Bo-qun2. A Recommendation Algorithm Based on Denoising Autoencoders [J]. Computer and Modernization, 2016, 0(2): 38-41.