A Robust and Effective Anomaly Detection Model for Identifying Unknown Network Traffic

Lingjing Kong, Ying Zhou, Huijing Wang
Recent Advances in Computer Science and Communications, Journal Article, published 2023-07-01. DOI: https://doi.org/10.2174/2666255816666220920112251
Citations: 0

Abstract

Background: Network security problems are becoming more serious and have attracted much attention in recent years. Anomaly detection, an important technology for identifying bad network flows and protecting the network, has been a hot topic in the network security field. However, existing anomaly detection solutions always identify unknown network flows as some known flow type, which results in poorer identification performance.

Objective: To detect unknown flows and improve detection performance, we analyzed the KDD’99 dataset, which comes from a simulated real network environment, together with the main factors that affect accuracy, and proposed a more robust and effective anomaly detection model (READM) to improve detection accuracy.

Methods: Based on unknown flow determination, an extra unknown-type class is trained by a neural network and identified by a deep inspection method. The identification result for the unknown class is then updated to the detection system. Finally, the newly proposed robust and effective anomaly detection model (READM) is constructed and validated.

Results: Experimental comparison and analysis indicate that READM achieves higher detection accuracy and less prediction time, making it more efficient and better performing.

Conclusion: Our study found that the existence of unknown flows always results in detection errors and is the main factor influencing detection performance. We therefore propose a robust and effective anomaly detection model based on the construction and training of an extra unknown traffic class. A comparison of three experiments based on different ways of thinking shows that READM improves detection accuracy and reduces prediction time. Compared with other solutions, it also shows better performance and has great application value in this field.
Source journal: Recent Advances in Computer Science and Communications (Computer Science: Computer Science (all))
CiteScore: 2.50
Self-citation rate: 0.00%
Articles published: 142