
Computer Technology, 2021, Issue 17

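Network Normal Traffic Filtering Scheme Based on the Autoencoder Algorithm
YAN Xiaoyu¹, ZHANG Jing¹, LI Zhimin², TANG Wenwei²
(1. School of Medical Technology and Information Engineering, Zhejiang Chinese Medical University, Hangzhou, Zhejiang 310053; 2. Information Technology Center, Zhejiang Chinese Medical University, Hangzhou, Zhejiang 310053)

Abstract: To address the security risks posed by network application-layer traffic and the heavy load that traditional detection methods place on device performance, this paper proposes a scheme for filtering normal network traffic based on the autoencoder algorithm. The scheme applies rule-based preprocessing to the traffic dataset, extracts statistical features of flow behavior, and then filters the extracted features with an autoencoder model. Experimental results show that the scheme filters out most of the normal traffic in the network and that, compared with traditional traffic detection methods, overall filtering performance improves significantly.


Keywords: normal network traffic; autoencoder algorithm; CICIDS2017 dataset; Wireshark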



DOI:10.19850/j.cnki.2096-4706.2021.17.017


CLC number: TP393    Document code: A    Article ID: 2096-4706(2021)17-0069-04


Network Normal Traffic Filtering Scheme Based on AutoEncoder Algorithm

YAN Xiaoyu¹, ZHANG Jing¹, LI Zhimin², TANG Wenwei²

(1. School of Medical Technology and Information Engineering, Zhejiang Chinese Medical University, Hangzhou 310053, China; 2. Information Technology Center, Zhejiang Chinese Medical University, Hangzhou 310053, China)

Abstract: In order to solve the hidden danger caused by network application layer traffic and the problem that traditional detection methods greatly consume equipment performance, a solution of network normal traffic filtering based on AutoEncoder algorithm is proposed. After the rule preprocessing of the data traffic set, statistical features on traffic behavior are extracted, and the extracted features are filtered by the model of the AutoEncoder algorithm. The experimental results show that this scheme can filter out most of normal traffic in the networks. Compared with the traditional traffic detection method, its overall filtration performance is improved greatly.

Keywords: network normal traffic; AutoEncoder algorithm; CICIDS2017 data set; Wireshark



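About the authors: YAN Xiaoyu (born 2001), female, Han ethnicity, from Xianyang, Shaanxi, undergraduate student, research interest: network traffic analysis technology; ZHANG Jing (born 2000), female, Han ethnicity, from Jincheng, Shanxi, undergraduate student, research interest: network traffic analysis technology; LI Zhimin (born 1975), female, Han ethnicity, from Huanggang, Hubei, associate professor, master's degree, research interest: big data processing and analysis; corresponding author: TANG Wenwei (born 1984), male, Han ethnicity, from Fuyang, Hangzhou, laboratory technician, bachelor's degree, research interest: network information security.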