Cargando…
Research on Anomaly Network Detection Based on Self-Attention Mechanism
Network traffic anomaly detection is a key step in identifying and preventing network security threats. This study aims to construct a new deep-learning-based traffic anomaly detection model through in-depth research on new feature-engineering methods, significantly improving the efficiency and accu...
| Autores principales: | , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2023
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10255318/ https://www.ncbi.nlm.nih.gov/pubmed/37299786 http://dx.doi.org/10.3390/s23115059 |
| _version_ | 1785056841975201792 |
|---|---|
| author | Hu, Wanting Cao, Lu Ruan, Qunsheng Wu, Qingfeng |
| author_facet | Hu, Wanting Cao, Lu Ruan, Qunsheng Wu, Qingfeng |
| author_sort | Hu, Wanting |
| collection | PubMed |
| description | Network traffic anomaly detection is a key step in identifying and preventing network security threats. This study aims to construct a new deep-learning-based traffic anomaly detection model through in-depth research on new feature-engineering methods, significantly improving the efficiency and accuracy of network traffic anomaly detection. The specific research work mainly includes the following two aspects: 1. In order to construct a more comprehensive dataset, this article first starts from the raw data of the classic traffic anomaly detection dataset UNSW-NB15 and combines the feature extraction standards and feature calculation methods of other classic detection datasets to re-extract and design a feature description set for the original traffic data in order to accurately and completely describe the network traffic status. We reconstructed the dataset DNTAD using the feature-processing method designed in this article and conducted evaluation experiments on it. Experiments have shown that by verifying classic machine learning algorithms, such as XGBoost, this method not only does not reduce the training performance of the algorithm but also improves its operational efficiency. 2. This article proposes a detection algorithm model based on LSTM and the recurrent neural network self-attention mechanism for important time-series information contained in the abnormal traffic datasets. With this model, through the memory mechanism of the LSTM, the time dependence of traffic features can be learned. On the basis of LSTM, a self-attention mechanism is introduced, which can weight the features at different positions in the sequence, enabling the model to better learn the direct relationship between traffic features. A series of ablation experiments were also used to demonstrate the effectiveness of each component of the model. The experimental results show that, compared to other comparative models, the model proposed in this article achieves better experimental results on the constructed dataset. |
| format | Online Article Text |
| id | pubmed-10255318 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2023 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-102553182023-06-10 Research on Anomaly Network Detection Based on Self-Attention Mechanism Hu, Wanting Cao, Lu Ruan, Qunsheng Wu, Qingfeng Sensors (Basel) Article Network traffic anomaly detection is a key step in identifying and preventing network security threats. This study aims to construct a new deep-learning-based traffic anomaly detection model through in-depth research on new feature-engineering methods, significantly improving the efficiency and accuracy of network traffic anomaly detection. The specific research work mainly includes the following two aspects: 1. In order to construct a more comprehensive dataset, this article first starts from the raw data of the classic traffic anomaly detection dataset UNSW-NB15 and combines the feature extraction standards and feature calculation methods of other classic detection datasets to re-extract and design a feature description set for the original traffic data in order to accurately and completely describe the network traffic status. We reconstructed the dataset DNTAD using the feature-processing method designed in this article and conducted evaluation experiments on it. Experiments have shown that by verifying classic machine learning algorithms, such as XGBoost, this method not only does not reduce the training performance of the algorithm but also improves its operational efficiency. 2. This article proposes a detection algorithm model based on LSTM and the recurrent neural network self-attention mechanism for important time-series information contained in the abnormal traffic datasets. With this model, through the memory mechanism of the LSTM, the time dependence of traffic features can be learned. On the basis of LSTM, a self-attention mechanism is introduced, which can weight the features at different positions in the sequence, enabling the model to better learn the direct relationship between traffic features. A series of ablation experiments were also used to demonstrate the effectiveness of each component of the model. The experimental results show that, compared to other comparative models, the model proposed in this article achieves better experimental results on the constructed dataset. MDPI 2023-05-25 /pmc/articles/PMC10255318/ /pubmed/37299786 http://dx.doi.org/10.3390/s23115059 Text en © 2023 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Hu, Wanting Cao, Lu Ruan, Qunsheng Wu, Qingfeng Research on Anomaly Network Detection Based on Self-Attention Mechanism |
| title | Research on Anomaly Network Detection Based on Self-Attention Mechanism |
| title_full | Research on Anomaly Network Detection Based on Self-Attention Mechanism |
| title_fullStr | Research on Anomaly Network Detection Based on Self-Attention Mechanism |
| title_full_unstemmed | Research on Anomaly Network Detection Based on Self-Attention Mechanism |
| title_short | Research on Anomaly Network Detection Based on Self-Attention Mechanism |
| title_sort | research on anomaly network detection based on self-attention mechanism |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10255318/ https://www.ncbi.nlm.nih.gov/pubmed/37299786 http://dx.doi.org/10.3390/s23115059 |
| work_keys_str_mv | AT huwanting researchonanomalynetworkdetectionbasedonselfattentionmechanism AT caolu researchonanomalynetworkdetectionbasedonselfattentionmechanism AT ruanqunsheng researchonanomalynetworkdetectionbasedonselfattentionmechanism AT wuqingfeng researchonanomalynetworkdetectionbasedonselfattentionmechanism |