基于评分迭代的无监督网络流量异常检测  被引量:7

Unsupervised network traffic anomaly detection based on score iterations

在线阅读下载全文

作  者:平国楼 曾婷玉 叶晓俊[1] PING Guolou;ZENG Tingyu;YE Xiaojun(School of Software,Tsinghua University,Beijing 100084,China)

机构地区:[1]清华大学软件学院,北京100084

出  处:《清华大学学报(自然科学版)》2022年第5期819-824,共6页Journal of Tsinghua University(Science and Technology)

基  金:国家重点研发计划支持项目(20201250027)。

摘  要:针对计算机网络流量异常检测中缺乏标注信息的挑战,该文提出一种基于评分迭代的无监督异常检测方法。设计了基于自编码器的异常评分迭代过程来学习通用异常特征,获取其初始异常评分。设计了基于深度序数回归模型的异常评分迭代过程来学习判别异常特征,进一步提高异常评分准确性。另外,还通过深度模型、多视图特征、集成学习提高检测准确率。在多个数据集上的实验表明,在无标注信息的情况下,该方法的性能相比对照方法具有明显优势,可以有效地用于现实网络流量异常检测。Network traffic anomaly detection is limited by the lack of annotation information in the traffic. This paper presents an unsupervised anomaly detection method based on score iterations that overcomes this limitation. An autoencoder based anomaly score iteration process was designed to learn generic anomaly features to determine an initial anomaly score. A deep ordinal regression model based anomaly score iteration process was then designed to learn discriminative anomaly features to further improve the anomaly score accuracy. Deep models, multi-view features and ensemble learning are also used to improve the detection accuracy. Tests on several datasets show that this method has significant advantages over other methods in the absence of annotation information and can be effectively applied to network traffic anomaly detection.

关 键 词:计算机网络 异常评分 无监督 自编码器 深度序数回归模型 集成学习 

分 类 号:TP393.0[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象