Abnormal Network Traffic Detection based on Leaf Node Density Ratio

Huajun Liu, Zhanghui Liu, Yanhua Liu, Xiaoling Gao
Proceedings of the 2019 9th International Conference on Communication and Network Security. Published 2019-11-15. DOI: 10.1145/3371676.3371678 (https://doi.org/10.1145/3371676.3371678)
Citations: 2

Abstract

As networks evolve, cyber-attacks become more and more diverse. In detecting network traffic, the most complicated but also the most important task is to find unknown abnormal network traffic data in time. The existing abnormal network traffic detection method based on Extended Isolation Forest has limitations such as unbalanced detection accuracy and insufficient generalization ability. An improved abnormal network traffic detection method, EIF-LNDR, is proposed to address these problems. Based on the leaf node density ratio, the anomaly score of an instance can be calculated differently for each iTree. Experiments show that EIF-LNDR achieves significant improvement in precision, false negative rate, and detector efficiency compared with the Extended Isolation Forest and LOF methods.