基于自适应集成学习的异常流量检测

信息安全研究 ›› 2024, Vol. 10 ›› Issue (1): 34-.

基于自适应集成学习的异常流量检测

倪嘉翼1陈伟1,2童家铖1李频1

1(南京邮电大学计算机学院、软件学院、网络空间安全学院南京210023)
2(江苏省大数据安全与智能处理重点实验室南京210023)

出版日期:2024-01-10 发布日期:2024-01-21
通讯作者: 倪嘉翼硕士.主要研究方向为网络安全、网络入侵检测. njiay@outlook.com
作者简介:倪嘉翼硕士.主要研究方向为网络安全、网络入侵检测. njiay@outlook.com 陈伟博士，教授.主要研究方向为无线网络安全、移动互联网安全. chenwei@njupt.edu.cn 童家铖硕士.主要研究方向为网络安全、加密恶意流量检测. Oc34nus@outlook.com 李频硕士，副教授.主要研究方向为网络与信息安全. lipin7421@163.com

Abnormal Traffic Detection Based on Adaptive Integrated Learning

Ni Jiayi1, Chen Wei1,2, Tong Jiacheng1, and Li Pin1#br#

#br#

1(School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023)
2(Jiangsu Key Laboratory of Big Data Security and Intelligent Processing, Nanjing 210023)

Online:2024-01-10 Published:2024-01-21

摘要/Abstract

摘要： 提出了一种基于自适应集成学习的异常流量检测方法，使用离散傅里叶变换提取流量的频域特征，使得对流量特征提取过程中信息损失较小.用一种基于稳定性和准确性波动的评估指标来动态评估当前流量特征的可靠性，通过评估的特征数据块用于生成新的子分类器.同时，设计了一种集成自适应分类器，其参数和子分类器会根据当前的情况进行实时调整.实验结果表明，该方法对于解决异常流量检测中的概念漂移问题和机器学习对抗攻击问题有良好的效果.

关键词: 异常流量检测, 频域特征, 概念漂移, 集成学习, 自适应学习

Abstract: We propose an adaptive integratelearningbased anomalous traffic detection method in this paper that uses the discrete Fourier transform to extract the frequency domain features of traffic, resulting in less information loss during the extraction of traffic features. An evaluation metric based on stability and accuracy fluctuations is used to dynamically assess the reliability of the current traffic features, and the feature data blocks that pass the evaluation are used to generate new subclassifiers. Meanwhile, an integrated adaptive classifier is designed, whose parameters and subclassifiers are adjusted in real time according to the current situation. The experimental results show that the method is effective for solving the concept drift problem in anomalous traffic detection and machine learning against attacks.

Key words: anomalous traffic detection, frequency domain feature, concept drift, integration learning, adaptive learning

中图分类号:

TP393.08

倪嘉翼, 陈伟, 童家铖, 李频, . 基于自适应集成学习的异常流量检测[J]. 信息安全研究, 2024, 10(1): 34-.

参考文献

［1］何红艳, 黄国言, 张炳, 等. 基于多种特征选择策略的入侵检测模型研究［J］. 信息安全研究, 2021, 7(3): 225232［2］蹇诗婕, 卢志刚, 姜波, 等. 基于层次聚类方法的流量异常检测［J］. 信息安全研究, 2020, 6(6): 474481［3］Liu H, Hao G, Xing B. Entropy clusteringbased granular classifiers for network intrusion detection［J］. EURASIP Journal on Wireless Communications and Networking, 2020, 2020(1): 110［4］Zheng J, Li Q, Gu G, et al. Realtime DDoS defense using COTS SDN switches via adaptive correlation analysis［J］. IEEE Trans on Information Forensics and Security, 2018, 13(7): 18381853［5］Vinayakumar R, Soman K P, Poornachandran P. Applying convolutional neural network for network intrusion detection［C］ Proc of the 2017 Int Conf on Advances in Computing, Communications and Informatics. Piscataway, NJ: IEEE, 2017: 12221228［6］Javaid A, Niyaz Q, Sun W, et al. A deep learning approach for network intrusion detection system［C］ Proc of the 9th EAI Int Conf on Bioinspired Information and Communications Technologies. New York: ACM, 2016: 2126［7］Chowdhury M M U, Hammond F, Konowicz G, et al. A fewshot deep learning approach for improved intrusion detection［C］ Proc of the 8th IEEE Annual Ubiquitous Computing, Electronics and Mobile Communication Conf. Piscataway, NJ: IEEE, 2017: 456462［8］Zong B, Song Q, Min M R, et al. Deep autoencoding gaussian mixture model for unsupervised anomaly detection［COL］ Proc of Int Conf on learning representations. 2018 ［20230619］. https:openreview.netpdf?id=BJJLHbb0［9］Callegari C, Giordano S, Pagano M. Statistical network anomaly detection: An experimental study［C］ Proc of the 2nd Int Conf on Future Network Systems and Security. Berlin: Springer, 2016: 1225［10］Fu C, Li Q, Shen M, et al. Realtime robust malicious traffic detection via frequency domain analysis［C］ Proc of the 2021 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2021: 34313446［11］Gao X, Shan C, Hu C, et al. An adaptive ensemble machine learning model for intrusion detection［J］. IEEE Access, 2019, 7: 8251282521［12］Farid D M, Zhang L, Hossain A, et al. An adaptive ensemble classifier for mining concept drifting data streams［J］. Expert Systems with Applications, 2013, 40(15): 58955906［13］Wang X. ENIDrift: A Fast and Adaptive Ensemble System for Network Intrusion Detection under Realworld Drift［C］ Proc of the 38th Annual Computer Security Applications Conf. New York: ACM, 2022: 785798［14］Sharafaldin I, Lashkari A H, Ghorbani A A. Toward generating a new intrusion detection dataset and intrusion traffic characterization［C］ Proc of Int Conf on Information Systems Security and Privacy. Setúbal, PT: Scitevents, 2018: 108116

[1]	张鹏飞. 基于机器学习的入侵检测模型对比研究[J]. 信息安全研究, 2023, 9(8): 739-.
[2]	王志强, 王姿旖, 倪安发, . 基于Stacking集成学习的区块链异常交易检测技术研究[J]. 信息安全研究, 2023, 9(2): 98-.
[3]	谷勇浩郭振洋. 基于网络流量的Fast-flux僵尸网络域名检测方法[J]. 信息安全研究, 2020, 6(5): 388-395.