Abstract
Concealed attacks such as exploits, generics, SQL injection and APT are becoming increasingly serious, and shallow machine learning is no longer an effective way to detect these hidden forms of attack. This paper designs an intrusion detection model in which principal component analysis (PCA) optimizes a Long Short-Term Memory (LSTM) network. The main principle is to remove noise from the sample data through PCA and then exploit the memory function of the LSTM network and its strong ability to learn from sequence data. The key issues of abnormal behavior detection that combines PCA with LSTM networks are studied in detail, including model structure, processing flow, hyperparameter analysis in LSTM, and data preprocessing.
Acknowledgements
This work is supported by the National Cryptography Development Fund of China under Grant No. MMJJ20170112, the National Natural Science Foundation of China (Grant Nos. 61772550, U1636114, 61572521), the Key National Key Research and Development Program of China under Grant No. 2017YFB0802000, and the Natural Science Basic Research Plan in Shaanxi Province of China (Grant No. 2018JM6028). This work is also supported by Innovation Team Research Fund No. KYTD201805 of the Engineering University of People’s Armed Police Force.
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Gao, Zs., Su, Y., Ding, Y., Liu, Yd., Wang, Xa., Shen, Jw. (2020). Key Technologies of Anomaly Detection Using PCA-LSTM. In: Barolli, L., Xhafa, F., Hussain, O. (eds) Innovative Mobile and Internet Services in Ubiquitous Computing. IMIS 2019. Advances in Intelligent Systems and Computing, vol 994. Springer, Cham. https://doi.org/10.1007/978-3-030-22263-5_24
DOI: https://doi.org/10.1007/978-3-030-22263-5_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-22262-8
Online ISBN: 978-3-030-22263-5
eBook Packages: Intelligent Technologies and Robotics (R0)