Volume 45 Issue 12
Dec.  2023
PAN Chengsheng, LI Zhixiang, YANG Wensheng, CAI Lingyun, JIN Aixin. Anomaly Detection Method of Network Traffic Based on Secondary Feature Extraction and BiLSTM-Attention[J]. Journal of Electronics & Information Technology, 2023, 45(12): 4539-4547. doi: 10.11999/JEIT221296

Anomaly Detection Method of Network Traffic Based on Secondary Feature Extraction and BiLSTM-Attention

doi: 10.11999/JEIT221296
Funds:  The National Natural Science Foundation of China (61931004), Jiangsu Innovation & Entrepreneurship Group Talents Plan
  • Received Date: 2022-10-13
  • Accepted Date: 2023-02-28
  • Rev Recd Date: 2023-02-20
  • Available Online: 2023-03-06
  • Publish Date: 2023-12-26

To address the problems of traditional network traffic anomaly detection methods, such as low recognition accuracy, weak representation ability, poor generalization ability, and neglect of the relationships between features, a network traffic anomaly detection method based on secondary feature extraction and BiLSTM-Attention is proposed. A Bidirectional Long Short-Term Memory network (BiLSTM) learns the feature relationships within the data and extracts the data's features. On this basis, a feature importance weight evaluation rule based on the attention mechanism is defined, and the feature vectors generated by the BiLSTM are assigned weights according to feature importance, completing the secondary feature extraction of the data. Finally, a design idea of “total score first and then subdivision” is proposed to construct a network traffic anomaly detection model that performs multi-class anomaly detection of network traffic. The experimental results show that the proposed method outperforms the traditional single model and has good representation ability and generalization ability.
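
The data flow the abstract describes, sketched as an added example (not the paper's code): per-time-step vectors standing in for BiLSTM outputs are re-weighted by attention, then classified in two stages. Assumptions: the additive `tanh` scoring form, the reading of the two stages as "normal vs anomalous" followed by attack-type subdivision, and all parameters, class names and sample sequences, which are constructed and untrained.

```python
import numpy as np

# Constructed, untrained parameters (hypothetical), chosen so the result is easy to follow.
W_ATT = np.eye(3)                        # attention projection
V_ATT = np.array([1.0, 0.0, 0.0])        # attention scoring vector
COARSE = (np.array([2.0, 0.0, 0.0]), -1.5)                 # stage 1 head
FINE = (np.array([[0.0, 0.0], [1.0, 0.0], [0.0, 1.0]]), np.zeros(2))  # stage 2 head
FINE_LABELS = ["dos", "portscan"]        # constructed class names

def softmax(z):
    e = np.exp(z - z.max())              # subtract max for numerical stability
    return e / e.sum()

def attention_pool(H):
    """Weight each time step of H (T x D, stand-in for BiLSTM outputs) by importance."""
    alpha = softmax(np.tanh(H @ W_ATT) @ V_ATT)   # one weight per time step
    return alpha @ H, alpha                        # re-weighted feature vector, weights

def detect(H, threshold=0.5):
    """Stage 1 decides normal vs anomalous; stage 2 subdivides anomalous flows only."""
    context, _ = attention_pool(H)
    w, b = COARSE
    p_anomalous = float(1.0 / (1.0 + np.exp(-(context @ w + b))))
    if p_anomalous < threshold:
        return "normal", p_anomalous
    W_f, b_f = FINE
    fine_probs = softmax(context @ W_f + b_f)
    return FINE_LABELS[int(np.argmax(fine_probs))], p_anomalous

# Constructed sequences: 4 time steps x 3 features each.
BENIGN = np.array([[0.1, 0.2, 0.0], [0.0, 0.1, 0.1],
                   [0.2, 0.0, 0.1], [0.1, 0.1, 0.0]])
SUSPECT = np.array([[0.1, 0.2, 0.0], [0.0, 0.1, 0.1],
                    [3.0, 0.0, 1.0], [0.2, 0.1, 0.0]])

if __name__ == "__main__":
    print("attention weights:", attention_pool(SUSPECT)[1].round(3))
    print("benign  ->", detect(BENIGN))
    print("suspect ->", detect(SUSPECT))
```
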

    Figures(8)  / Tables(4)
