基于多尺度特征的网络流量异常检测方法  被引量：25

作　　者：段雪源 付钰[1] 王坤 刘涛涛[1] 李彬 DUAN Xueyuan;FU Yu;WANG Kun;LIU Taotao;LI Bin(Department of Information Security,Naval University of Engineering,Wuhan 430033,China;College of Computer and Information Technology,Xinyang Normal University,Xinyang 464000,China;Henan Key Laboratory of Analysis and Applications of Education Big Data,Xinyang Normal University,Xinyang 464000,China;School of Mathematics and Information Engineering,Xinyang Vocational and Technical College,Xinyang 464000,China)

机构地区：[1]海军工程大学信息安全系,湖北武汉430033 [2]信阳师范学院计算机与信息技术学院,河南信阳464000 [3]信阳师范学院河南省教育大数据分析与应用重点实验室,河南信阳464000 [4]信阳职业技术学院数学与信息工程学院,河南信阳464000

出　　处：《通信学报》2022年第10期65-76,共12页Journal on Communications

基　　金：国家重点研发计划基金资助项目(No.2018YFB0804104)。

摘　　要：针对传统的网络流量异常检测方法大都只关注流量数据的细粒度特征,对多尺度特征信息利用不充分,可能导致异常检测结果准确率不高的问题,提出了一种基于多尺度特征的网络流量异常检测方法。使用多个不同尺度的滑动窗口将原始流量划分为多个观察跨度的子序列,利用小波变换技术重构各个子序列的多层级序列,链式SAE通过特征空间映射生成多层级重构序列,各层级的分类器根据重构序列的误差进行异常的初步判定,采用加权投票策略对各层级的初步判定结果进行汇总,形成最终结果判定。实验结果表明,所提方法可有效挖掘网络流量的多尺度特征信息,对异常流量的检测性能较传统方法有明显提升。Aiming at the problem that most of the traditional network traffic anomaly detection methods only pay attention to the fine-grained features of traffic data,and make insufficient use of multi-scale feature information,which may lead to low accuracy of anomaly detection results,a network traffic anomaly detection method based on multi-scale features was proposed.The original traffic was divided into sub-sequences with multiple observation spans by using multiple sliding windows of different scales,and the multi-level sequences of each sub-sequence were reconstructed by wavelet transform technology.Multi-level reconstructed sequences were generated by Chain SAE through feature space mapping,and a preliminary judgment of abnormality was made by the classifiers of each level according to the errors of the reconstructed sequences.The weighted voting strategy was adopted to summarize the preliminary judgment results of each level to form the final result judgment.Experimental results show that the proposed method can effectively mine the multi-scale feature information of network traffic,and the detection performance of abnormal traffic is obviously improved compared with traditional methods.

关 键 词：网络流量 异常检测 多尺度特征 小波变换 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]