Abstract
In today's large-scale and complex network environments, network types are diversifying and network scale is constantly expanding. Network traffic has increased dramatically and has a high-dimensional, multivariable structure, which makes network traffic anomaly detection increasingly difficult. This paper therefore proposes an improved parallel network traffic anomaly detection method based on Bagging and GRU (PB-GRU). The method uses a GRU deep neural network to perform efficient hierarchical feature representation and to learn the time-dependent characteristics of network traffic data, achieving more accurate detection. Spark is then used to run the training and testing of the GRU detectors in parallel to improve overall performance. To reduce the individual differences between parallel detectors and improve the generalization error, the Bagging algorithm is used to improve the training process of the GRU detectors, so that the combined GRU detector has better detection performance. Experimental results show that the proposed method achieves a detection accuracy of 99.6%, with an error rate of only 0.0036%. In addition, parallel processing with Spark improves overall efficiency and scalability.
Acknowledgements
This work was supported by the National Natural Science Foundation of China (No. 61962015), the Natural Science Foundation of Guangxi (No. 2016GXNSFAA380098) and the Science and Technology Program of Guangxi (No. AB17195045).
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Tao, X., Peng, Y., Zhao, F., Wang, S., Liu, Z. (2020). An Improved Parallel Network Traffic Anomaly Detection Method Based on Bagging and GRU. In: Yu, D., Dressler, F., Yu, J. (eds) Wireless Algorithms, Systems, and Applications. WASA 2020. Lecture Notes in Computer Science, vol 12384. Springer, Cham. https://doi.org/10.1007/978-3-030-59016-1_35
DOI: https://doi.org/10.1007/978-3-030-59016-1_35
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-59015-4
Online ISBN: 978-3-030-59016-1
eBook Packages: Computer Science (R0)