Network traffic anomaly detection method based on small amount of annotation data

A technology for network traffic anomaly detection based on a small amount of labeled data. It addresses the problems of wasted labeling cost, unused abnormal-sample information, and difficulty covering all cases, with the effects of ensuring stability, improving loss-sensitive learning ability, and alleviating the overfitting problem.

Active Publication Date: 2020-08-25
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT +1

AI Technical Summary

Problems solved by technology

Although this method performs significantly better than the traditional Autoencoder, Shrink AE does not use the information in abnormal samples, which wastes the cost of labeling, and it has difficulty covering all situations in network anomaly detection.


Embodiment Construction

[0026] The present invention will be described in further detail below in conjunction with the accompanying drawings and specific embodiments.

[0027] As shown in Figure 1, the network traffic anomaly detection method provided by the present invention includes the following steps:

[0028] (1) Training the autoencoder (Autoencoder, abbreviated AE): download the public intrusion detection dataset NSL-KDD. Each record in the dataset has 41 features related to network traffic, such as TCP connection duration, protocol type, target host network service type, and the number of accesses to control files, plus a flag indicating whether the record is normal or abnormal network traffic. Normal traffic has a flag value of 1 and is called a positive sample; abnormal traffic has a flag value of -1 and is called a negative sample. If all non-numeric features are encoded as numerical features, each p...
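The data preparation that step (1) describes can be sketched as follows. This is an added example, not code from the patent. It assumes the NSL-KDD text layout (41 features, then a class name, then a difficulty score) and one-hot encoding of the three non-numeric columns, since the page's text is cut off before it names the encoding. The function names and the sample rows are constructed for illustration.

```python
import csv, io

N_FEATURES = 41          # per the page: 41 traffic features per record
CATEGORICAL = (1, 2, 3)  # protocol_type, service, flag (non-numeric columns)

def _row(proto, service, flag, label, src_bytes=0):
    # Constructed record: 41 features, class name, difficulty score.
    rest = [str(src_bytes)] + ["0"] * 36
    return ",".join(["0", proto, service, flag] + rest + [label, "20"])

SAMPLE = "\n".join([  # constructed data, not taken from the real dataset
    _row("tcp", "http", "SF", "normal", src_bytes=232),
    _row("tcp", "private", "S0", "neptune"),
    _row("udp", "domain_u", "SF", "normal", src_bytes=45),
    _row("icmp", "ecr_i", "SF", "smurf", src_bytes=1032),
])

def parse(text):
    """Return (feature_rows, labels); label is 1 for normal, -1 for any attack."""
    rows, labels = [], []
    for n, rec in enumerate(csv.reader(io.StringIO(text)), 1):
        if not rec:
            continue  # tolerate blank lines
        if len(rec) <= N_FEATURES:
            raise ValueError(f"line {n}: need 41 features plus a label, got {len(rec)} fields")
        rows.append(rec[:N_FEATURES])
        labels.append(1 if rec[N_FEATURES].strip() == "normal" else -1)
    return rows, labels

def encode(row, vocab):
    """One-hot the categorical columns; a category not in vocab becomes all zeros."""
    out = []
    for i, v in enumerate(row):
        if i in vocab:
            out.extend(1.0 if v == c else 0.0 for c in vocab[i])
        else:
            out.append(float(v))
    return out

def split_by_label(text):
    """Encode every record, then split into pure positive and negative sets."""
    rows, labels = parse(text)
    vocab = {c: sorted({r[c] for r in rows}) for c in CATEGORICAL}
    pos = [encode(r, vocab) for r, y in zip(rows, labels) if y == 1]
    neg = [encode(r, vocab) for r, y in zip(rows, labels) if y == -1]
    return pos, neg, vocab
```

The two returned sets correspond to the pure positive and pure negative samples that the abstract says are used to train the two autoencoders separately.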


Abstract

The invention discloses a network traffic anomaly detection method based on a small amount of annotation data. The method comprises the following steps: reducing the dimension of the feature vector using double auto-encoders; carrying out supervised training using a deep neural network; dividing the network traffic into two types, positive samples and negative samples; and finally screening out a subset of important samples from the unlabeled data and submitting them to experts for labeling, which increases the number of labeled samples. The auto-encoders and the classifier are updated iteratively, and the trained classifier is then used to detect network traffic anomalies. The invention proposes a double-auto-encoder architecture in which pure positive and pure negative samples are used to train the respective auto-encoders, improving the stability of the classifier. The loss function of the deep neural network is also improved so that sample weights are adjusted at a finer granularity, which addresses the overfitting caused by the imbalance of positive and negative samples and by small training sets. In addition, a new method for calculating the labeling value of unlabeled data is provided; samples with high labeling value are selected and delivered to experts, which reduces the labeling cost.

Description

Technical field

[0001] The invention relates to network traffic anomaly detection technology, in particular to a network traffic anomaly detection method based on a small amount of labeled data.

Background

[0002] As the scale of cyber attacks increases and the amount of network data grows exponentially, many companies and organizations must develop new methods to protect their networks and data in order to reduce the impact of changing threat factors. As more and more security tools and sensors are deployed in modern enterprise networks, the volume of security event and alert data continues to increase, making the accurate identification of anomalies like finding a needle in a haystack. Therefore, it is imperative to rely on new technologies to assist human analysts in the monitoring, prevention, detection, and response of cybersecurity incidents and potential cyber attacks. However, most of the network traffic anomaly detection based on traditional machine l...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06K9/62, G06N3/04, G06N3/08
CPC: H04L63/1425, G06N3/08, G06N3/045, G06F18/24
Inventor: 李文龙, 张家琦, 邢燕祯, 刘中金, 何跃鹰, 高杨, 王新根, 鲁萍, 黄滔
Owner: NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT