Computer Engineering and Applications ›› 2020, Vol. 56 ›› Issue (6): 39-50. DOI: 10.3778/j.issn.1002-8331.1910-0243

• Hot Topics and Reviews •

Network Traffic Anomaly Prediction Method Based on Deep Learning

LI Jiayue, ZHAO Bo, LI Xiang, LIU Hui, LIU Yifan, ZOU Jianwen

  1. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China
  • Online: 2020-03-15 Published: 2020-03-13

Abstract:

A Network Intrusion Detection System (NIDS) can detect network security events in the current system. However, because of its high false alarm rate and the delay in identifying security events, it cannot give accurate early warning of network security events, which seriously restricts the practical application and future development of NIDS. To address this problem, a network traffic anomaly prediction method based on deep learning is proposed. The method uses a prediction model that combines two deep learning architectures, a long short-term memory (LSTM) network and a convolutional neural network (CNN). The model learns the spatiotemporal characteristics of network traffic data, predicts how traffic features will change in the next period, and classifies network security events. It provides method analysis for NIDS to realize the early warning function of network security events. In the experiments, the designed neural network framework is trained and tested on the intrusion detection system traffic dataset CICIDS2017. Under this method, the false alarm rate of traffic classification decreases to 0.26%, the overall accuracy reaches 99.57%, and the best R² of the traffic feature prediction model reaches 0.762.

Key words: network intrusion detection, deep learning, traffic anomaly detection, traffic forecast, neural network