Abnormal traffic detection method based on autoencoder network

An auto-encoder, abnormal traffic technology, applied in neural learning methods, biological neural network models, electrical components, etc., can solve the imbalance in the distribution of normal traffic data and intrusion data, and cannot predict intrusion traffic. Different attack types, no Considering the unbalanced state of data distribution and other issues, it achieves the effects of excellent expression ability, small footprint, and self-learning expression ability

Active Publication Date: 2019-04-16
DALIAN UNIV OF TECH
View PDF6 Cites 23 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, when the neural network-based anomaly detection method is actually implemented in a real application scenario, there are still some bottlenecks and problems
[0004] First of all, the current neural network-based anomaly detection methods use complex network structures or even deep neural networks to learn the characteristics of existing samples, which usually requires a lot of resources and computing power to complete, and most of the algorithms are Training in a supervised manner, the process of labeling data categories is very time-consuming and energy-consuming, and whenever a new type of traffic appears, the entire neural network needs to be retrained, otherwise the correct classification cannot be obtained, and manual Only by constantly updating the model can we get a high-accuracy intrusion detection system
KitNET proposed by Mirsky is an efficient unsupervised anomaly detection algorithm based on neural networks, but it can only be used for binary classification anomaly detection, and cannot predict different attack types of intrusion traffic, which has limitations in application scenarios
[0005] Secondly, for the real Internet environment, traffic data usually has the following characteristics: there are many types of abnormal traffic, but the amount is far less than that of normal traffic data, that is to say, the distribution of normal traffic data and intrusion data is usually unbalanced in quantity, Most of the current algorithms do not take into account the unbalanced state of data distribution, but simply classify the data through the trained neural network, resulting in suboptimal detection results

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Abnormal traffic detection method based on autoencoder network
  • Abnormal traffic detection method based on autoencoder network
  • Abnormal traffic detection method based on autoencoder network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0022] Embodiments of the present invention will be described in detail below.

[0023] An abnormal traffic detection method based on autoencoder network, refer to figure 2 , the method is implemented based on four modules: traffic data acquisition module, data preprocessing module, hash coding module based on autoencoder network, and anomaly detection module, specifically:

[0024] (1) Traffic data acquisition module

[0025] Finding out valuable available data information is the first step to realize intrusion detection, and it is also the key of the whole intrusion detection. The data information collected by the intrusion detection system mainly comes from different network segments or hosts, among which user activity status and network systems are the main data sources. In order to maximize the effectiveness of the detection system and make fast and accurate attacks Response, which requires data information to have a certain degree of reliability. In this module, some...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an abnormal traffic detection method based on an autoencoder network and belongs to the crossing field of a computer network and machine learning. The method comprises the steps of capturing data through utilization of a traffic data obtaining module; preprocessing the data through utilization of a data preprocessing module; outputting hash codes of the traffic data throughutilization of an improved multi-autoencoder network; and carrying out abnormal detection multi-classification on the obtained hash codes through adoption of a detection module based on a data distribution proportion. According to the method, advantages of a neural network and the hash codes are combined; through utilization of a hash encoding technology, consumed memory space and computing resources are reduced; a KitNET autoencoder network which only can be applied to a binary-classification intrusion detection scene is improved into a multi-classification intrusion detection method; and atraffic hash code classification method based on the data distribution proportion is designed. According to the method, an operation rate and expansibility of an abnormal detection technology can be improved. The method is relatively applicable to solution of the abnormal detection problem that new attack types emerge in endlessly at present.

Description

technical field [0001] The invention belongs to the intersecting field of computer network and machine learning, and relates to an abnormal flow detection method based on an automatic encoder network. Background technique [0002] Nowadays, with the increasing popularity of application devices connected to the Internet, more and more businesses need to rely on the network to complete. Due to the continuous iterative development of network attack methods and attack scales, network intrusion has become one of the biggest threats to cyberspace. The main goal of intrusion detection is to identify abnormal behaviors and attempts in the network and computer systems. There are various types of attacks. At the same time, with the development of the Internet, various new types of attacks emerge in an endless stream. The traditional feature-based attack detection is time-sensitive. And generalization defects make new attacks undetectable, so it is difficult to adapt to the needs of th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06N3/08
CPCG06N3/088H04L63/1416H04L63/1425
Inventor 齐恒周文蘂曹媛李克秋王军晓
Owner DALIAN UNIV OF TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap