摘要
针对传统动态网络异常行为检测方法对不同种类的入侵行为检测率低、检测速度慢的问题,提出一种基于长短时记忆模型(LSTM)的异常行为检测方法。该方法首先通过对动态网络结构的变化特征进行分析,总结出图结构距离特征,用来表示动态网络的变化趋势;其次,使用增量并行式算法(DPADS)通过最小长度原理(MDL)压缩图结构,并计算图结构之间的差异度,以减少内存消耗,提高检测效率;最后使用LSTM算法对数据集进行训练,完成异常行为检测。通过使用IDS2018数据集进行仿真实验,验证方法的有效性。实验结果表明,基于LSTM的动态网络异常行为检测方法与其他传统的异常检测方法相比,准确率提高了7%,召回率提高了5%以上,检测效果良好。
Aiming at the problem of low detection rate and slow detection speed for different types of intrusion behaviors in traditional abnormal behavior detection methods,detection method of abnormal behavior of dynamic network based on LSTM is proposed.This method first analyzes the ever-changing characteristics of the dynamic network structure,and summarizes the distance characteristics of the Egonet graph structure,which is used to indicate the change trend of the dynamic network.Secondly the(Dynamic ParallelAnomaly Detections,DPADS)algorithm is used to compress the graph structure through the principle of minimum length(Minimum Description Length,MDL),and the difference between the graph structures is calculated to reduce memory consumption and improve detection efficiency.Finally,the LSTM algorithm is used to train the data set to complete the detection metnod of abnormal behavior.In the Python3 environment,simulation experiments are carried out through the IDS2018 data set to verify the effectiveness of the method.Experimental results show that,compared with other traditional anomaly detection methods,the detection method of abnormal behavior of dynamic network based on LSTM has improved accuracy by 7% and recall by more than 5%,achieving a good detection effect.
作者
孙先亮
谭小波
SUN Xianliang;TAN Xiaobo(Shenyang Ligong University,Shenyang 110159,China)
出处
《沈阳理工大学学报》
CAS
2021年第6期22-26,共5页
Journal of Shenyang Ligong University
关键词
异常行为检测
长短时记忆模型
图结构特征
最小长度原理
abnormal behaviour detection
long short-term memory
dynamic network model
minimum length principle
