[1]SUN Jun,XIE Zhenping,WANG Hongbo.An explainable network traffic anomaly detection model with coupled evolutionary sampling and deep decoding[J].CAAI Transactions on Intelligent Systems,2023,18(5):1070-1078.[doi:10.11992/tis.202211035]
Copy

An explainable network traffic anomaly detection model with coupled evolutionary sampling and deep decoding

CAAI Transactions on Intelligent Systems[ISSN 1673-4785/CN 23-1538/TP] Volume: 18 Number of periods: 2023 5 Page number: 1070-1078 Column: 学术论文—机器学习 Public date: 2023-09-05
Title:
An explainable network traffic anomaly detection model with coupled evolutionary sampling and deep decoding
Author(s):
SUN Jun12 XIE Zhenping12 WANG Hongbo3
1. School of Artificial Intelligence and Computer Science, Jiangnan University, Wuxi 214122, China;
2. Jiangsu Key Laboratory of Media Design and Software Technology, Jiangnan University, Wuxi 214122, China;
3. TRS Topwalk Information Techololgy Co., Ltd, Beijing 100089, China
Keywords:
machine learningunsupervised learningtraffic anomaly detectiondeep neural networkexplainabilityevolutionary samplingdeep encondingautoencoder
CLC:
TP391
DOI:
10.11992/tis.202211035
Abstract:
Regarding the lack of explainability in existing network traffic anomaly detection models, this study proposed an explainable network traffic anomaly detection model with coupled evolutionary sampling and deep decoding. First, evolutionary sampling learning is introduced to extract representative feature samples, whereby a strongly explainable sample encoding process is implemented. Second, a coupled learning model of the explainable evolutionary sample encoding process and the unexplainable deep neural network decoding process is constructed. Finally, anomaly detection is performed using the sample encoding results and reconstruction errors. The experimental analysis on NSL-KDD and CICIDS2017 datasets are executed for our model and some existing methods, and corresponding results show that our model can significantly improve model explainability and scale efficiency and achieve the same level of detection performance as existing optimal methods. In addition, our proposed joint learning strategy may provide a highly distinctive scheme reference for the development of explainable machine learning methods.
References:
[1] LIU Hongyu, LANG Bo. Machine learning and deep learning methods for intrusion detection systems: a survey[J]. Applied sciences, 2019, 9(20): 4396.
[2] BHATTACHARYYA D K, KALITA J K. Network anomaly detection: a machine learning perspective[M]. Boca Raton: Crc Press, 2013.
[3] 杨月麟, 毕宗泽. 基于深度学习的网络流量异常检测[J]. 计算机科学, 2021, 48(S2): 540-546
YANG Yuelin, BI Zongze. Network anomaly detection based on deep learning[J]. Computer science, 2021, 48(S2): 540-546
[4] ZONG Bo, SONG Qi, MIN M R, et al. Deep autoencoding Gaussian mixture model for unsupervised anomaly detection[C]//International Conference on Learning Representations. Vancouver: OpenReview, 2018: 1?19.
[5] 席亮, 王瑞东, 樊好义, 等. 基于样本关联感知的无监督深度异常检测模型[J]. 计算机学报, 2021, 44(11): 2317-2331
XI Liang, WANG Ruidong, FAN Haoyi, et al. Sample-correlation-aware unsupervised deep anomaly detection model[J]. Chinese journal of computers, 2021, 44(11): 2317-2331
[6] TAN Zhiyuan, JAMDAGNI A, HE Xiangjian, et al. A system for denial-of-service attack detection based on multivariate correlation analysis[J]. IEEE transactions on parallel and distributed systems, 2014, 25(2): 447-456.
[7] AHMED M, NASER M A, HU Jiankun. A survey of network anomaly detection techniques[J]. Journal of network and computer applications, 2016, 60: 19-31.
[8] TRAN C P, TRAN D K. Anomaly detection in POSTFIX mail log using principal component analysis[C]//2018 10th International Conference on Knowledge and Systems Engineering. Ho Chi Minh City: IEEE, 2018: 107?112.
[9] 李贝贝, 彭力, 戴菲菲. 结合马氏距离与自编码器的网络流量异常检测方法[J]. 计算机工程, 2022, 48(4): 133-142
LI Beibei, PENG Li, DAI Feifei. Abnormal network traffic detection method combining mahalanobis distance and autoencoder[J]. Computer engineering, 2022, 48(4): 133-142
[10] SCHLEGL T, SEEB?CK P, WALDSTEIN S M, et al. Unsupervised anomaly detection with generative adversarial networks to guide marker discovery[C]//International Conference on Information Processing in Medical Imaging. Cham: Springer, 2017: 146?157.
[11] ZENATI H, ROMAIN M, FOO C S, et al. Adversarially learned anomaly detection[C]//2018 IEEE International Conference on Data Mining. Singapore. IEEE, 2018: 727?736.
[12] ZHANG Kunzhong, KANG Xudong, LI Shutao. Isolation forest for anomaly detection in hyperspectral images[C]// 2019 IEEE International Geoscience and Remote Sensing Symposium. Yokohama: IEEE, 2019: 437?440.
[13] SINGH K, MATHAI K J. Performance comparison of intrusion detection system between deep belief network (DBN)algorithm and state preserving extreme learning machine (SPELM) algorithm[C]//2019 IEEE International Conference on Electrical, Computer and Communication Technologies. Coimbatore: IEEE, 2019: 1?7.
[14] 王倩倩, 苗夺谦, 张远健. 深度自编码与自更新稀疏组合的异常事件检测算法[J]. 智能系统学报, 2020, 15(6): 1197-1203
WANG Qianqian, MIAO Duoqian, ZHANG Yuanjian. Abnormal event detection method based on deep auto-encoder and self-updating sparse combination[J]. CAAI transactions on intelligent systems, 2020, 15(6): 1197-1203
[15] ZHAI Shuangfei, CHENG Yu, LU Weining, et al. Deep structured energy based models for anomaly detection[C]//International conference on machine learning. New York: PMLR, 2016: 1100?1109.
[16] GONG Dong, LIU Lingqiao, LE V, et al. Memorizing normality to detect anomaly: memory-augmented deep autoencoder for unsupervised anomaly detection[C]//IEEE/CVF International Conference on Computer Vision. Seoul: IEEE, 2020: 1705?1714.
[17] GOODFELLOW I J, POUGET-ABADIE J, MIRZA M, et al. Generative adversarial nets[C]//Proceedings of the 27th International Conference on Neural Information Processing Systems-Volume 2. New York: ACM, 2014: 2672?2680.
[18] 黄训华, 张凤斌, 樊好义, 等. 基于多模态对抗学习的无监督时间序列异常检测[J]. 计算机研究与发展, 2021, 58(8): 1655-1667
HUANG Xunhua, ZHANG Fengbin, FAN Haoyi, et al. Multimodal adversarial learning based unsupervised time series anomaly detection[J]. Journal of computer research and development, 2021, 58(8): 1655-1667
[19] AUDIBERT J, MICHIARDI P, GUYARD F, et al. USAD: UnSupervised anomaly detection on multivariate time series[C]//Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. New York: ACM, 2020: 3395?3404.
[20] TING Kaiming, XU Bicun, WASHIO T, et al. Isolation distributional kernel: a new tool for kernel based anomaly detection[C]//Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. New York: ACM, 2020: 198?206.
[21] CHEN Yuanhong, TIAN Yu, PANG Guansong, et al. Deep one-class classification via interpolated Gaussian descriptor[J]. Proceedings of the AAAI conference on artificial intelligence, 2022, 36(1): 383-392.
[22] XIE Zhenping, SUN Jun, PALADE V, et al. Evolutionary sampling: a novel way of machine learning within a probabilistic framework[J]. Information sciences, 2015, 299: 262-282.
[23] TAVALLAEE M, BAGHERI E, LU Wei, et al. A detailed analysis of the KDD CUP 99 data set[C]//2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications. Ottawa: IEEE, 2009: 1?6.
[24] SHARAFALDIN I, HABIBI L A, GHORBANI A A. Toward generating a new intrusion detection dataset and intrusion traffic characterization[C]//Proceedings of the 4th International Conference on Information Systems Security and Privacy. Portugal: SCITEPRESS-Science and Technology Publications, 2018: 108?116.
[25] LI Kunlun, HUANG Houkuan, TIAN Shengfeng, et al. Improving one-class SVM for anomaly detection[C]//Proceedings of the 2003 International Conference on Machine Learning and Cybernetics. Xi’an: IEEE, 2004: 3077?3081.
[26] AN J, CHO S. Variational autoencoder based anomaly detection using reconstruction probability[J]. Special lecture on IE, 2015, 2(1): 1-18.
Similar References:

Memo

-

Last Update: 1900-01-01

Copyright © CAAI Transactions on Intelligent Systems