半监督异常流量检测研究综述  被引量：9

作　　者：李杰铃 张浩 LI Jie-ling;ZHANG Hao(College of Mathematics and Computer Science,Fuzhou University,Fuzhou 350116,China;Fujian Key Laboratory of Network Computing and Intelligent Information Processing,Fuzhou University,Fuzhou 350116,China)

机构地区：[1]福州大学数学与计算机科学学院,福州350116 [2]福建省网络计算与智能信息处理重点实验室,福州350116

出　　处：《小型微型计算机系统》2020年第11期2371-2379,共9页Journal of Chinese Computer Systems

基　　金：国家自然科学基金海峡联合基金重点项目(U1705262)资助;国家自然科学基金项目(61672159)资助.

摘　　要：随着信息网络的高速发展,特别是高速互联网、5G网络、物联网等的发展,网络流量信息的获取也变得更加容易,但对流量数据进行标记面临着不可逾越的困难.半监督学习能够将少量标记的流量与大量未标记的流量同时进行训练,也因此成为网络安全领域的研究热点.学术界已有半监督技术的相关综述,尚未有对半监督技术在异常流量检测方法上进行总结的文献.因此,本文对近年来半监督异常流量检测技术进行综述,首先论述异常流量检测的特性与关联性,然后对半监督学习的研究内容进行介绍,其次,对基于半监督的异常流量检测方法进行分析和比较,包括半监督聚类、半监督分类、半监督降维、半监督集成和增量半监督,最后指出当前半监督检测方法中存在的不足和未来值得研究的方向.With the rapid development of information networks,especially the development of high-speed Internet,5G networks,Internet of Things,etc.,the acquisition of network traffic information has also become easier,but marking traffic data faces insurmountable difficulties.Semi-supervised learning can simultaneously train a small amount of marked traffic and a large amount of unmarked traffic,so it has become a research hotspot in the field of network security.There have been relevant reviews of semi-supervised technology in academic community,but there is no literature that summarizes semi-supervised technology on anomaly traffic detection methods.Therefore,this paper overviews the anomaly traffic detection technology based on semi-supervised learning in recent years.Firstly,it discusses the characteristics and relevance of anomaly traffic detection.Secondly,it introduces the research content of semi-supervised learning.Next,it analyzes and compares the anomaly traffic detection based on semi-supervised learning,including semi-supervised clustering,semi-supervised classification,semi-supervised dimensionality reduction,semi-supervised integration and incremental semi-supervised.Finally,it points out the shortcomings of the current semi-supervised detection methods and the future research direction.

关 键 词：半监督学习 网络安全 异常流量 检测方法 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]