Model fusion of deep neural networks for anomaly detection
Journal of Big Data (IF 8.1), Pub Date: 2021-08-05, DOI: 10.1186/s40537-021-00496-w
Nouar AlDahoul, Hezerul Abdul Karim, Abdulaziz Saleh Ba Wazir

Network anomaly detection is still an open and challenging task that aims to detect anomalous network traffic for security purposes. Network traffic data are usually large-scale and imbalanced, and their labels are noisy. This paper addresses these challenges using ZYELL's million-scale, highly imbalanced dataset. We propose training deep neural networks with class weight optimization to learn complex patterns from the rare anomalies observed in the traffic data. The paper proposes a novel model fusion that combines two deep neural networks: a binary normal/attack classifier and a multi-attack classifier. The proposed solution can detect various network attacks such as Distributed Denial of Service (DDOS), IP probing, PORT probing, and Network Mapper (NMAP) probing. Experiments conducted on ZYELL's real-world dataset show promising performance. The proposed approach outperformed the baseline model in terms of average macro Fβ score and false alarm rate by 17% and 5.3%, respectively.




Updated: 2021-08-10