School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing 100876, China.
School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876, China.
Sensors (Basel). 2021 Sep 3;21(17):5942. doi: 10.3390/s21175942.
Information and communication technologies have essential impacts on people's lives. The real-time convenience of the internet greatly facilitates information transmission and knowledge exchange among users. However, network intruders exploit communication vulnerabilities to carry out malicious attacks. Traditional machine learning (ML) methods based on business features, and deep learning (DL) methods that extract features automatically, are used to identify these malicious behaviors. However, these approaches tend to use only one type of data source, which can result in the loss of some features that cannot be mined from the data. To address this problem and improve the precision of malicious behavior detection, this paper proposes a one-dimensional (1D) convolution-based fusion model of packet capture files and business feature data for malicious network behavior detection. Fusion models improve malicious behavior detection results compared with single-source models on some available network traffic and Internet of Things (IoT) datasets. The experiments also indicate that early data fusion, feature fusion and decision fusion are all effective in the model. Moreover, this paper discusses the adaptability of one-dimensional convolution and two-dimensional (2D) convolution to network traffic data.