Research on Anomaly Network Detection Based on Self-Attention Mechanism
Network traffic anomaly detection is a key step in identifying and preventing network security threats. This study aims to construct a new deep-learning-based traffic anomaly detection model through in-depth research on new feature-engineering methods, significantly improving the efficiency and accu...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2023-05-01
|
| Series: | Sensors |
| Subjects: | |
| Online Access: | https://www.mdpi.com/1424-8220/23/11/5059 |
| _version_ | 1827739246478229504 |
|---|---|
| author | Wanting Hu Lu Cao Qunsheng Ruan Qingfeng Wu |
| author_facet | Wanting Hu Lu Cao Qunsheng Ruan Qingfeng Wu |
| author_sort | Wanting Hu |
| collection | DOAJ |
| description | Network traffic anomaly detection is a key step in identifying and preventing network security threats. This study aims to construct a new deep-learning-based traffic anomaly detection model through in-depth research on new feature-engineering methods, significantly improving the efficiency and accuracy of network traffic anomaly detection. The specific research work mainly includes the following two aspects: 1. In order to construct a more comprehensive dataset, this article first starts from the raw data of the classic traffic anomaly detection dataset UNSW-NB15 and combines the feature extraction standards and feature calculation methods of other classic detection datasets to re-extract and design a feature description set for the original traffic data in order to accurately and completely describe the network traffic status. We reconstructed the dataset DNTAD using the feature-processing method designed in this article and conducted evaluation experiments on it. Experiments have shown that by verifying classic machine learning algorithms, such as XGBoost, this method not only does not reduce the training performance of the algorithm but also improves its operational efficiency. 2. This article proposes a detection algorithm model based on LSTM and the recurrent neural network self-attention mechanism for important time-series information contained in the abnormal traffic datasets. With this model, through the memory mechanism of the LSTM, the time dependence of traffic features can be learned. On the basis of LSTM, a self-attention mechanism is introduced, which can weight the features at different positions in the sequence, enabling the model to better learn the direct relationship between traffic features. A series of ablation experiments were also used to demonstrate the effectiveness of each component of the model. The experimental results show that, compared to other comparative models, the model proposed in this article achieves better experimental results on the constructed dataset. |
| first_indexed | 2024-03-11T02:58:07Z |
| format | Article |
| id | doaj.art-de1e4d5eb3534d9c8da603aae5c7d2f6 |
| institution | Directory Open Access Journal |
| issn | 1424-8220 |
| language | English |
| last_indexed | 2024-03-11T02:58:07Z |
| publishDate | 2023-05-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Sensors |
| spelling | doaj.art-de1e4d5eb3534d9c8da603aae5c7d2f62023-11-18T08:31:59ZengMDPI AGSensors1424-82202023-05-012311505910.3390/s23115059Research on Anomaly Network Detection Based on Self-Attention MechanismWanting Hu0Lu Cao1Qunsheng Ruan2Qingfeng Wu3University of Xiamen, Xiamen 361005, ChinaUniversity of Xiamen, Xiamen 361005, ChinaUniversity of Xiamen, Xiamen 361005, ChinaUniversity of Xiamen, Xiamen 361005, ChinaNetwork traffic anomaly detection is a key step in identifying and preventing network security threats. This study aims to construct a new deep-learning-based traffic anomaly detection model through in-depth research on new feature-engineering methods, significantly improving the efficiency and accuracy of network traffic anomaly detection. The specific research work mainly includes the following two aspects: 1. In order to construct a more comprehensive dataset, this article first starts from the raw data of the classic traffic anomaly detection dataset UNSW-NB15 and combines the feature extraction standards and feature calculation methods of other classic detection datasets to re-extract and design a feature description set for the original traffic data in order to accurately and completely describe the network traffic status. We reconstructed the dataset DNTAD using the feature-processing method designed in this article and conducted evaluation experiments on it. Experiments have shown that by verifying classic machine learning algorithms, such as XGBoost, this method not only does not reduce the training performance of the algorithm but also improves its operational efficiency. 2. This article proposes a detection algorithm model based on LSTM and the recurrent neural network self-attention mechanism for important time-series information contained in the abnormal traffic datasets. With this model, through the memory mechanism of the LSTM, the time dependence of traffic features can be learned. On the basis of LSTM, a self-attention mechanism is introduced, which can weight the features at different positions in the sequence, enabling the model to better learn the direct relationship between traffic features. A series of ablation experiments were also used to demonstrate the effectiveness of each component of the model. The experimental results show that, compared to other comparative models, the model proposed in this article achieves better experimental results on the constructed dataset.https://www.mdpi.com/1424-8220/23/11/5059anomaly detectionfeature engineeringattention mechanism |
| spellingShingle | Wanting Hu Lu Cao Qunsheng Ruan Qingfeng Wu Research on Anomaly Network Detection Based on Self-Attention Mechanism Sensors anomaly detection feature engineering attention mechanism |
| title | Research on Anomaly Network Detection Based on Self-Attention Mechanism |
| title_full | Research on Anomaly Network Detection Based on Self-Attention Mechanism |
| title_fullStr | Research on Anomaly Network Detection Based on Self-Attention Mechanism |
| title_full_unstemmed | Research on Anomaly Network Detection Based on Self-Attention Mechanism |
| title_short | Research on Anomaly Network Detection Based on Self-Attention Mechanism |
| title_sort | research on anomaly network detection based on self attention mechanism |
| topic | anomaly detection feature engineering attention mechanism |
| url | https://www.mdpi.com/1424-8220/23/11/5059 |
| work_keys_str_mv | AT wantinghu researchonanomalynetworkdetectionbasedonselfattentionmechanism AT lucao researchonanomalynetworkdetectionbasedonselfattentionmechanism AT qunshengruan researchonanomalynetworkdetectionbasedonselfattentionmechanism AT qingfengwu researchonanomalynetworkdetectionbasedonselfattentionmechanism |