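Authors: 王凯 (WANG Kai); 陈丹伟 (CHEN Danwei) [1] (School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210003, China)
Affiliation: [1] School of Computer Science, School of Software, and School of Cyberspace Security, Nanjing University of Posts and Telecommunications, Nanjing 210003
Source: 《计算机工程与应用》 (Computer Engineering and Applications), 2019, No. 5, pp. 76-82 (7 pages)
Funding: National Natural Science Foundation of China (No. 61672016)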
Abstract: Traditional anomaly detection models are mostly based on content features; as attack techniques improve, such methods are easily circumvented. Graph mining has therefore become a hot topic in academic research at home and abroad. To improve the accuracy of anomaly detection, a dynamic graph anomaly detection algorithm based on a long short-term memory (LSTM) network is proposed. First, by analyzing the change characteristics of dynamic graphs, two kinds of Egonet features are summarized, graph structure distance and edit distance, which efficiently express structural changes in a dynamic graph. Second, the model is trained with an LSTM-based time series classification algorithm. Finally, intrusion detection is performed on captured network traffic, with tests on a topology graph of more than 60 thousand nodes and 3 million edges. The experimental results show that the algorithm achieves higher accuracy and recall and can effectively detect network intrusion events.
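Keywords: anomaly detection; graph mining; time series; long short-term memory (LSTM)
Classification: TP391 [Automation and Computer Technology: Computer Application Technology]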