• 文献检索
  • 文档翻译
  • 深度研究
  • 学术资讯
  • Suppr Zotero 插件Zotero 插件
  • 邀请有礼
  • 套餐&价格
  • 历史记录
应用&插件
Suppr Zotero 插件Zotero 插件浏览器插件Mac 客户端Windows 客户端微信小程序
定价
高级版会员购买积分包购买API积分包
服务
文献检索文档翻译深度研究API 文档MCP 服务
关于我们
关于 Suppr公司介绍联系我们用户协议隐私条款
关注我们

Suppr 超能文献

核心技术专利:CN118964589B侵权必究
粤ICP备2023148730 号-1Suppr @ 2026

文献检索

告别复杂PubMed语法,用中文像聊天一样搜索,搜遍4000万医学文献。AI智能推荐,让科研检索更轻松。

立即免费搜索

文件翻译

保留排版,准确专业,支持PDF/Word/PPT等文件格式,支持 12+语言互译。

免费翻译文档

深度研究

AI帮你快速写综述,25分钟生成高质量综述,智能提取关键信息,辅助科研写作。

立即免费体验

基于自注意力机制的异常网络检测研究。

Research on Anomaly Network Detection Based on Self-Attention Mechanism.

机构信息

University of Xiamen, Xiamen 361005, China.

出版信息

Sensors (Basel). 2023 May 25;23(11):5059. doi: 10.3390/s23115059.

DOI:10.3390/s23115059
PMID:37299786
原文链接:https://pmc.ncbi.nlm.nih.gov/articles/PMC10255318/
Abstract

Network traffic anomaly detection is a key step in identifying and preventing network security threats. This study aims to construct a new deep-learning-based traffic anomaly detection model through in-depth research on new feature-engineering methods, significantly improving the efficiency and accuracy of network traffic anomaly detection. The specific research work mainly includes the following two aspects: 1. In order to construct a more comprehensive dataset, this article first starts from the raw data of the classic traffic anomaly detection dataset UNSW-NB15 and combines the feature extraction standards and feature calculation methods of other classic detection datasets to re-extract and design a feature description set for the original traffic data in order to accurately and completely describe the network traffic status. We reconstructed the dataset DNTAD using the feature-processing method designed in this article and conducted evaluation experiments on it. Experiments have shown that by verifying classic machine learning algorithms, such as XGBoost, this method not only does not reduce the training performance of the algorithm but also improves its operational efficiency. 2. This article proposes a detection algorithm model based on LSTM and the recurrent neural network self-attention mechanism for important time-series information contained in the abnormal traffic datasets. With this model, through the memory mechanism of the LSTM, the time dependence of traffic features can be learned. On the basis of LSTM, a self-attention mechanism is introduced, which can weight the features at different positions in the sequence, enabling the model to better learn the direct relationship between traffic features. A series of ablation experiments were also used to demonstrate the effectiveness of each component of the model. The experimental results show that, compared to other comparative models, the model proposed in this article achieves better experimental results on the constructed dataset.

摘要

网络流量异常检测是识别和预防网络安全威胁的关键步骤。本研究旨在通过深入研究新的特征工程方法,构建一种新的基于深度学习的流量异常检测模型,显著提高网络流量异常检测的效率和准确性。具体研究工作主要包括以下两个方面:

  1. 为了构建更全面的数据集,本文首先从经典流量异常检测数据集 UNSW-NB15 的原始数据入手,结合其他经典检测数据集的特征提取标准和特征计算方法,重新提取和设计原始流量数据的特征描述集,以准确、完整地描述网络流量状态。我们使用本文设计的特征处理方法对数据集 DNTAD 进行了重建,并对其进行了评估实验。实验表明,通过验证经典机器学习算法,如 XGBoost,这种方法不仅不会降低算法的训练性能,反而提高了其运行效率。

  2. 本文提出了一种基于 LSTM 和递归神经网络自注意力机制的检测算法模型,用于异常流量数据集中包含的重要时间序列信息。通过该模型,通过 LSTM 的记忆机制,可以学习流量特征的时间依赖性。在 LSTM 的基础上,引入了自注意力机制,可以对序列中不同位置的特征进行加权,使模型能够更好地学习流量特征之间的直接关系。还进行了一系列消融实验,以证明模型中每个组件的有效性。实验结果表明,与其他对比模型相比,本文提出的模型在构建的数据集上取得了更好的实验结果。

https://cdn.ncbi.nlm.nih.gov/pmc/blobs/4cfd/10255318/1d8dc9f05c56/sensors-23-05059-g005.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/4cfd/10255318/f37fd498412f/sensors-23-05059-g001.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/4cfd/10255318/8a1a95c90e7b/sensors-23-05059-g002.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/4cfd/10255318/a1c83e264de3/sensors-23-05059-g003.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/4cfd/10255318/96af764f545c/sensors-23-05059-g004.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/4cfd/10255318/1d8dc9f05c56/sensors-23-05059-g005.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/4cfd/10255318/f37fd498412f/sensors-23-05059-g001.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/4cfd/10255318/8a1a95c90e7b/sensors-23-05059-g002.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/4cfd/10255318/a1c83e264de3/sensors-23-05059-g003.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/4cfd/10255318/96af764f545c/sensors-23-05059-g004.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/4cfd/10255318/1d8dc9f05c56/sensors-23-05059-g005.jpg

相似文献

1
Research on Anomaly Network Detection Based on Self-Attention Mechanism.基于自注意力机制的异常网络检测研究。
Sensors (Basel). 2023 May 25;23(11):5059. doi: 10.3390/s23115059.
2
A hybrid feature weighted attention based deep learning approach for an intrusion detection system using the random forest algorithm.基于混合特征加权注意力的深度学习方法与随机森林算法在入侵检测系统中的应用。
PLoS One. 2024 May 23;19(5):e0302294. doi: 10.1371/journal.pone.0302294. eCollection 2024.
3
DOC-IDS: A Deep Learning-Based Method for Feature Extraction and Anomaly Detection in Network Traffic.文档 ID:一种基于深度学习的网络流量特征提取和异常检测方法。
Sensors (Basel). 2022 Jun 10;22(12):4405. doi: 10.3390/s22124405.
4
Deep Encrypted Traffic Detection: An Anomaly Detection Framework for Encryption Traffic Based on Parallel Automatic Feature Extraction.深度加密流量检测:一种基于并行自动特征提取的加密流量异常检测框架。
Comput Intell Neurosci. 2023 Mar 10;2023:3316642. doi: 10.1155/2023/3316642. eCollection 2023.
5
GSOOA-1DDRSN: Network traffic anomaly detection based on deep residual shrinkage networks.GSOOA-1DDRSN:基于深度残差收缩网络的网络流量异常检测
Heliyon. 2024 May 29;10(11):e32087. doi: 10.1016/j.heliyon.2024.e32087. eCollection 2024 Jun 15.
6
Anomalous Network Traffic Detection Method Based on an Elevated Harris Hawks Optimization Method and Gated Recurrent Unit Classifier.基于提升型哈里斯鹰优化算法和门控循环单元分类器的异常网络流量检测方法。
Sensors (Basel). 2022 Oct 5;22(19):7548. doi: 10.3390/s22197548.
7
Network Anomaly Traffic Detection Algorithm Based on RIC-SC-DeCN.基于 RIC-SC-DeCN 的网络异常流量检测算法。
Comput Intell Neurosci. 2022 May 24;2022:8315442. doi: 10.1155/2022/8315442. eCollection 2022.
8
An effective method for anomaly detection in industrial Internet of Things using XGBoost and LSTM.一种使用XGBoost和长短期记忆网络(LSTM)在工业物联网中进行异常检测的有效方法。
Sci Rep. 2024 Oct 14;14(1):23969. doi: 10.1038/s41598-024-74822-6.
9
A multi-information fusion anomaly detection model based on convolutional neural networks and AutoEncoder.一种基于卷积神经网络和自动编码器的多信息融合异常检测模型。
Sci Rep. 2024 Jul 12;14(1):16147. doi: 10.1038/s41598-024-66760-0.
10
Malicious Network Traffic Detection Based on Deep Neural Networks and Association Analysis.基于深度神经网络和关联分析的恶意网络流量检测。
Sensors (Basel). 2020 Mar 6;20(5):1452. doi: 10.3390/s20051452.

引用本文的文献

1
Text intelligent correction in English translation: A study on integrating models with dependency attention mechanism.英文翻译中的文本智能校正:一项关于集成具有依存注意力机制模型的研究。
PLoS One. 2025 Jun 24;20(6):e0319690. doi: 10.1371/journal.pone.0319690. eCollection 2025.
2
MFF-YOLO: An Accurate Model for Detecting Tunnel Defects Based on Multi-Scale Feature Fusion.MFF-YOLO:一种基于多尺度特征融合的隧道缺陷检测精确模型。
Sensors (Basel). 2023 Jul 18;23(14):6490. doi: 10.3390/s23146490.

本文引用的文献

1
A Hybrid Intrusion Detection Model Using EGA-PSO and Improved Random Forest Method.基于 EGA-PSO 和改进随机森林的混合入侵检测模型
Sensors (Basel). 2022 Aug 10;22(16):5986. doi: 10.3390/s22165986.
2
A Framework for Malicious Traffic Detection in IoT Healthcare Environment.物联网医疗环境中的恶意流量检测框架。
Sensors (Basel). 2021 Apr 26;21(9):3025. doi: 10.3390/s21093025.