Journal of Computer Applications ›› 2024, Vol. 44 ›› Issue (8): 2493-2499.DOI: 10.11772/j.issn.1001-9081.2023081112

• Cyber security • Previous Articles    

Class-imbalanced traffic abnormal detection based on 1D-CNN and BiGRU

Hong CHEN, Bing QI(), Haibo JIN, Cong WU, Li’ang ZHANG   

  1. College of Software,Liaoning Technical University,Huludao Liaoning 125105,China
  • Received:2023-08-18 Revised:2023-10-24 Accepted:2023-11-14 Online:2023-12-18 Published:2024-08-10
  • Contact: Bing QI
  • About author:bio graphy:CHEN Hong, born in 1967, M. S., associate professor. Her research interests include information security, network security.
    bio graphy:JIN Haibo, born in 1983, Ph. D., associate professor. His research interests include stochastical process, decision theory, complex system optimal maintenance, system reliability.
    bio graphy:WU Cong, born in 1979, Ph. D. candidate, lecturer. His research interests include e-commerce, data analysis, intelligent decision-making.
    bio graphy:ZHANG Li’ang, born in 1998, M. S. candidate. His research interests include network and information security, internet of vehicles security.
  • Supported by:
    National Natural Science Foundation of China(62173171);Scientific Research Project of Liaoning Provincial Department of Education(LJKFZ20220198)

融合1D-CNN与BiGRU的类不平衡流量异常检测

陈虹, 齐兵(), 金海波, 武聪, 张立昂   

  1. 辽宁工程技术大学 软件学院,辽宁 葫芦岛 125105
  • 通讯作者: 齐兵
  • 作者简介:陈虹(1967—),女,辽宁阜新人,副教授,硕士,CCF会员,主要研究方向:信息安全、网络安全
    齐兵(1999—),女,辽宁锦州人,硕士研究生,CCF学生会员,主要研究方向:网络安全 1148721871@qq.com
    金海波(1983—),男,辽宁沈阳人,副教授,博士,CCF会员,主要研究方向:随机过程、决策理论、复杂系统优化维护、系统可靠性
    武聪(1979—),男,山西怀仁人,讲师,博士研究生,主要研究方向:电子商务、数据分析、智能决策
    张立昂(1998—),男,辽宁阜新人,硕士研究生,CCF学生会员,主要研究方向:网络与信息安全、车联网安全。
  • 基金资助:
    国家自然科学基金资助项目(62173171);辽宁省教育厅科研项目(LJKFZ20220198)

Abstract:

Network traffic anomaly detection is a network security defense method that involves analyzing and determining network traffic to identify potential attacks. A new approach was proposed to address the issue of low detection accuracy and high false positive rate caused by imbalanced high-dimensional network traffic data and different attack categories. One Dimensional Convolutional Neural Network(1D-CNN) and Bidirectional Gated Recurrent Unit (BiGRU) were combined to construct a model for traffic anomaly detection. For class-imbalanced data, balanced processing was performed by using an improved Synthetic Minority Oversampling TEchnique (SMOTE), namely Borderline-SMOTE, and an undersampling clustering technique based on Gaussian Mixture Model (GMM). Subsequently, a one-dimensional CNN was utilized to extract local features in the data, and BiGRU was used to better extract the time series features in the data. Finally, the proposed model was evaluated on the UNSW-NB15 dataset, achieving an accuracy of 98.12% and a false positive rate of 1.28%. The experimental results demonstrate that the proposed model outperforms other classic machine learning and deep learning models, it improves the recognition rate for minority attacks and achieves higher detection accuracy.

Key words: traffic anomaly detection, imbalance processing, feature selection, Convolutional Neural Network (CNN), Bidirectional Gated Recurrent Unit (BiGRU)

摘要:

网络流量异常检测是利用各种检测技术分析判断网络流量,发现网络中潜在的攻击,是一种有效的网络安全防护方法。针对高维海量数据和不同攻击类别的网络流量数据不均衡而导致检测准确率低、误报率高的问题,提出一种融合一维卷积神经网络(1D-CNN)和双向门控循环单元(BiGRU)的类不平衡流量异常检测模型。首先,针对类不平衡数据,通过使用改进的合成少数类过采样技术(SMOTE)即Borderline-SMOTE和基于高斯混合模型(GMM)的欠采样聚类技术进行平衡处理;然后,使用1D-CNN提取数据的局部特征,并利用BiGRU更好地提取数据中的时序特征;最后,在UNSW-NB15数据集对所提模型进行验证,所提模型的准确率为98.12%,误报率为1.28%。结果表明,所提模型提高了对少数攻击的识别率,检测精度高于其他经典机器学习和深度学习模型。

关键词: 流量异常检测, 不平衡处理, 特征选择, 卷积神经网络, 双向门控循环单元

CLC Number: