Journal of Beijing Jiaotong University, 2020, Vol. 44, Issue (2): 17-26, 10. DOI: 10.11860/j.issn.1673-0291.20200005
Network traffic anomaly detection method combining secondary feature extraction and LSTM-Autoencoder
Anomaly detection method based on LSTM-Autoencoder and double feature extraction method
Abstract
To address the low detection accuracy and high false positive rate of anomaly detection, a Long Short-Term Memory (LSTM) based anomaly detection method is proposed. First, features are extracted from data packets and session flows. To enrich the data features, the Discrete Wavelet Transform (DWT) is used to decompose the original data into feature vectors of higher dimension. Considering the non-human abnormal data present in real network environments, the Grubbs criterion is used to eliminate this data so that it does not disturb the modeling of the LSTM-Autoencoder. Then, the reconstruction errors of the input feature vectors are calculated by the LSTM-Autoencoder model. The distribution of the reconstruction errors is fitted and the detection threshold is determined. Finally, experiments are conducted on real network data, and the influences of the model structure and the environment noise on detection performance are analyzed. The experimental results verify the feasibility of the proposed method and show that it can effectively identify abnormal data and achieves better detection accuracy than other detection methods.
Keywords
information safety/long short term memory/discrete wavelet transform/autoencoder/Grubbs criterion/data reconstruction/anomaly detection
Classification
Information technology and security science
Cite this article
孙旭日1, 刘明峰1, 程辉1, 彭博1, 赵宇飞2. Network traffic anomaly detection method combining secondary feature extraction and LSTM-Autoencoder [J]. Journal of Beijing Jiaotong University, 2020, 44(2): 17-26, 10.
Funding
National Natural Science Foundation of China (U1636211)