Authors: WANG Menghan (王梦寒); DENG Yonghui (邓永晖); WEI Bo (魏波) [2] (No. 30 Institute of CETC, Chengdu, Sichuan 610041, China; Southwest Jiaotong University, Chengdu, Sichuan 611756, China)
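Affiliations: [1] No. 30 Institute of CETC (China Electronics Technology Group Corporation), Chengdu, Sichuan 610041; [2] Southwest Jiaotong University, Chengdu, Sichuan 611756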
Source: Communications Technology (《通信技术》), 2024, No. 12, pp. 1297-1304 (8 pages)
Funding: Sichuan Natural Science Foundation, Innovative Research Group Project (2024NSFTD0015).
Abstract: With the rapid development of network technology and the sharp increase of network traffic, cyber attacks are common and pose a serious threat to network, system and business security. Security administrators face many challenges when trying to identify and respond to potential threats, attacks, and vulnerabilities in the system. Therefore, effective detection and defense of network abnormal traffic has become an important issue to be addressed in the field of cyber security. This paper proposes a network abnormal traffic detection method based on RF-BiLSTM (Random Forest-Bidirectional Long Short-Term Memory). First, a preliminary classifier based on RF (Random Forest) is constructed to initially screen normal and abnormal network traffic. Then, BiLSTM is introduced to further process the suspected abnormal traffic screened by the RF classifier, aiming to improve the efficiency and accuracy of identifying abnormal traffic in the network environment. To verify the effectiveness of the method, the proposed method is validated on the CIC-IDS2017 dataset. The experimental results indicate that the proposed method achieves a high detection rate and a low false alarm rate, and addresses the problem of model evaluation metrics being distorted by data imbalance. Compared with existing comparative methods, it has higher detection accuracy and significant advantages.
Keywords: abnormal traffic detection; deep learning; RF-BiLSTM; data imbalance
Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]