Unsupervised network traffic anomaly detection based on score iterations

Cited by: 0
Authors
Ping G. [1]
Zeng T. [1]
Ye X. [1]
Affiliation
[1] School of Software, Tsinghua University, Beijing
Source
Qinghua Daxue Xuebao/Journal of Tsinghua University | 2022 / Vol. 62 / Issue 05
Keywords
Anomaly scores; Autoencoder; Computer networks; Deep ordinal regression model; Ensemble learning; Unsupervised
DOI
10.16511/j.cnki.qhdxxb.2021.21.045
Abstract
Network traffic anomaly detection is limited by the lack of annotation information in the traffic. This paper presents an unsupervised anomaly detection method based on score iterations that overcomes this limitation. An autoencoder-based anomaly score iteration process was designed to learn generic anomaly features to determine an initial anomaly score. A deep ordinal regression model-based anomaly score iteration process was then designed to learn discriminative anomaly features to further improve the anomaly score accuracy. Deep models, multi-view features and ensemble learning are also used to improve the detection accuracy. Tests on several datasets show that this method has significant advantages over other methods in the absence of annotation information and can be effectively applied to network traffic anomaly detection. © 2022, Tsinghua University Press. All rights reserved.
Pages: 819-824
Number of pages: 5