
A Network Attack Traffic Detection System Based on a Small Sample and Imbalanced Data

SHI Xinran, ZHANG Qizhi, ZHAO Gansen, ZHENG Weiping

Citation: SHI Xinran, ZHANG Qizhi, ZHAO Gansen, ZHENG Weiping. A Network Attack Traffic Detection System Based on a Small Sample and Imbalanced Data[J]. Journal of South China Normal University (Natural Science Edition), 2021, 53(1): 100-108. doi: 10.6054/j.jscnun.2021016


doi: 10.6054/j.jscnun.2021016
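Funding:

National Key Area Research and Development Program Project 2018YFB1404402

National Key Area Research and Development Program Project 2019YFB1804003

National Social Science Fund of China Project 19ZDA041

Guangdong Province Key Area Research and Development Program Project 2019B010137003

Guangdong Province Key Area Research and Development Program Project 2018A07071702

Guangdong Province Key Area Research and Development Program Project 2016B030305006

Guangzhou Science and Technology Program Project 201802030004

Guangzhou Science and Technology Program Project 201804010314

Details
    Corresponding author:

    ZHAO Gansen, Email: gzhao@m.scnu.edu.cn

  • CLC number: TP393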


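  • Abstract: To address the problem that the supervised learning methods used in network attack traffic detection depend heavily on the amount of labeled data, an attack traffic detection system is designed for a small-sample, imbalanced detection scenario in which the training data contain only a small amount of attack traffic captured by honeypots and no normal traffic. A network attack traffic detection model based on a Siamese network and a deep-learning convolutional neural network (CNN), called CNN-Siamese, is built to detect attack traffic under these small-sample, imbalanced conditions. Then, to address the unstable predictions caused by sampling when CNN-Siamese constructs its training sample pairs, a detection model based on pre-training (AE-CNN-Siamese) is built, drawing on the idea of transfer learning. In addition, the contrastive loss function commonly used in Siamese networks is improved. The experimental results show that CNN-Siamese can detect attack traffic accurately: compared with CNN and CNN-SVM, it reduces the false positive rate from 30% to 2% with no obvious difference in the false negative rate; the predictions of AE-CNN-Siamese are more stable than those of CNN-Siamese; and the improved loss function increases the convergence speed of the model and accelerates model training.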
  • Figure 1. The structure of the Siamese network

    Figure 2. The framework of the attack traffic detection system based on a small sample and imbalanced data

    Figure 3. The structure of the sub-models of CNN-Siamese

    Figure 4. The network structure of the Auto-Encoder

    Figure 5. The improved attack traffic detection system based on pre-training

    Figure 6. The experimental comparison of three models

    Figure 7. The experimental comparison of the detection models with and without pre-training

    Note: the value in parentheses after a model name is the number of sample draws T.

    Figure 8. The trend of model prediction accuracy under different loss function settings

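    Table 1. Experimental results of different sub-model structures (%)

    | Model | Accuracy | False negative rate | False positive rate |
    |---|---|---|---|
    | CNN-Siamese | 72.36 | 0.08 | 37.23 |
    | CNN2-Siamese | 52.77 | 0.07 | 50.72 |
    | LeNet-Siamese | 41.98 | 0.08 | 55.13 |

    Table 2. The analysis of AE-CNN-Siamese operating efficiency

    | C (parameter) | T (parameter) | Pre-training (model choice) | Denoising (model choice) | Average training time/s | Average prediction time/s | Average total run time/s |
    |---|---|---|---|---|---|---|
    | 1 | 1 | | | 95 | 191 | 317 |
    | 3 | 1 | | | 103 | 341 | 483 |
    | 5 | 1 | | | 98 | 734 | 869 |
    | 1 | 5 | | | 596 | 183 | 820 |
    | 1 | 1 | | | 1 876 | 184 | 2 105 |
    | 1 | 1 | | | 1 831 | 202 | 2 093 |
    | 1 | 5 | | | 1 905 | 207 | 2 153 |
    | 1 | 5 | | | 1 849 | 199 | 2 133 |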
Publication history
  • Received:  2020-02-25
  • Published online:  2021-03-24
  • Issue date:  2021-02-25
