Deep Learning-Based Anomaly Detection in LAN from Raw Network Traffic Measurement
Authors: Yuwei Sun, H. Ochiai, H. Esaki
Published in: 2021 55th Annual Conference on Information Sciences and Systems (CISS), 2021-03-24
DOI: 10.1109/CISS50987.2021.9400241 (https://doi.org/10.1109/CISS50987.2021.9400241)
Citation count: 4 (platform: Semanticscholar)
The digitalization occurring in various industries is bringing more information transmitted through networks. More resilient and efficient network traffic monitoring systems are in high demand to safeguard network flows. In this article, we presented a combined approach of anomaly detection in LAN based on raw network traffic observation and measurement, the collected data being converted to regulated chunks of 480 bits. A network traffic dataset including multi-type anomalies from a honeypot device in LAN was employed, with a total of two weeks' data. By further integrating the representation with supervised learning and knowledge-based labeling methods, we aim to classify raw network traffic thus detecting anomaly from raw data measurement without using manually crafted features. We conducted the model training against accuracy and evaluated the scheme based on a separated validation set against a metric of precision. Finally, we achieved a validation precision score of 0.980 for detecting ARP flooding, a score of 0.801 for detecting malicious SMB, and a score of 0.815 for detecting TCP SYN flooding respectively.