NETWORK TRAFFIC ANOMALY DETECTION BASED ON SPATIAL-TEMPORAL ATTENTION FEATURE  Cited by: 4


Authors: Meng Xianke (孟献轲); Zhang Shuo (张硕); Xiong Shi (熊诗); Wang Bo (王波) [2]

Affiliations: [1] The 28th Research Institute of China Electronics Technology Group Corporation, Nanjing 210000, Jiangsu, China; [2] School of Information and Systems Engineering, PLA Information Engineering University, Zhengzhou 450002, Henan, China

Source: Computer Applications and Software (《计算机应用与软件》), 2023, No. 4, pp. 99-106 (8 pages)

Abstract: To address the problem that current RNN-based anomalous traffic detection methods cannot use all packets of a flow in parallel to mine temporal features, a network traffic anomaly detection method based on spatial-temporal attention features is proposed. The original traffic is divided into network flows in units of sessions, and the packets in each flow are converted into grayscale images and normalized. Convolutional network layers extract the spatial features of the packets, and a multi-head self-attention mechanism then models the spatial features of all packets in the flow in parallel to compute a representation of the significant temporal correlations between packets. This feature representation is fed into a fully connected neural network layer and a Softmax layer, which output the recognition probabilities to complete detection. Experimental results on the UNSW-NB15 dataset show that the method is practical and feasible: compared with the baseline methods, it achieves relatively high accuracy and precision while maintaining the lowest false alarm rate.

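Keywords: spatial-temporal attention feature; convolutional neural network; multi-head attention mechanism; grayscale image; anomalous traffic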

Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]

 
