网络异常检测领域概念漂移问题研究综述  

作　　者：杜冠瑶[1] 郭勇杰 龙春[1] 赵静[1] 万巍[1] DU Guanyao;GUO Yongjie;LONG Chun;ZHAO Jing;WAN Wei(Computer Network Information Center,Chinese Academy of Sciences,Beijing 100083,China;University of Chinese Academy of Sciences,Beijing 100190,China)

机构地区：[1]中国科学院计算机网络信息中心,北京100083 [2]中国科学院大学,北京100190

出　　处：《数据与计算发展前沿》2024年第1期162-178,共17页Frontiers of Data & Computing

基　　金：中国科学院战略性先导科技专项(C类)项目(XDC02030600);网络安全保障体系建设工程(三期)(CAS-WX2022GC-04);面向新兴业务应用的自动化安全防护关键技术研究(SGTYHT/21-JS-223);中国科学院网络安全和信息化专项应用示范项目(CAS-WX2022SF-0401)。

摘　　要：【目的】随着网络技术的快速发展和广泛应用,网络异常检测作为保护网络安全和维护系统正常运行的手段变得越来越重要。然而,网络中异常行为和攻击手段不断变化,给异常检测带来了新的挑战。其中,概念漂移问题是网络异常检测领域中受到广泛关注的难点之一。【方法】本综述旨在对网络异常检测领域中概念漂移问题进行研究分析和总结。与前人的研究相比,本文将专注于网络异常检测领域的流数据。【文献范围】首先,对概念漂移进行详细介绍,包括定义、产生原因和特点。通过对概念漂移的全面理解,可以为后续的检测方法提供指导。其次,系统性地介绍了概念漂移检测方法,主要包括基于统计的方法、机器学习方法和深度学习方法等,并对比了各类方法的优缺点和适用场景。最后,探讨了概念漂移在未来可能的研究方向。【结论】本文聚焦于网络异常检测领域的概念漂移问题,通过详细介绍概念漂移的定义、产生原因和特点,以及深入分析和总结针对流数据概念漂移的检测方法,为未来研究方向提供了有价值的参考和指导。[Purpose]With the rapid development and widespread application of network technology,network anomaly detection has become increasingly crucial as a means to safeguard network security and maintain the normal operation of systems.However,the evolving nature of abnormal behaviors and attack methods in networks presents new challenges to anomaly detection.Among these challenges,the concept drift problem is one of the widely recognized complexities in the field of network anomaly detection.[Methods]This review aims to conduct research analysis and summarization on the concept drift problem in the field of network anomaly detection.In comparison to previous studies,this paper will focus specifically on the field of flow data in network anomaly detection.[Literature Scope]Firstly,a detailed introduction to concept drift is provided,including its definition,causes,and characteristics.A comprehensive understanding of concept drift is intended to guide subsequent detection methods.Secondly,a systematic introduction to concept drift detection methods is presented,primarily including statistical methods,machine learning methods,and deep learning methods,while comparing the advantages,disadvantages,and application scenarios of each method.Finally,potential future research directions for concept drift are discussed.[Conclusion]This paper centers on the concept drift problem in the field of network anomaly detection.By providing a detailed introduction to the definition,causes,and characteristics of concept drift and conducting an in-depth analysis and summarization of concept drift detection methods tailored for flow data,the paper offers valuable references and guidance for future research directions.

关 键 词：概念漂移 网络异常检测 数据分布 模型更新 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]