
An Improved Parallel Network Traffic Anomaly Detection Method Based on Bagging and GRU

  • Conference paper

Wireless Algorithms, Systems, and Applications (WASA 2020)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 12384)

Abstract

In today's large-scale, complex network environments, network types are diversifying and network scale is constantly expanding. Network traffic has increased dramatically and has a high-dimensional, multivariable structure, which makes network traffic anomaly detection increasingly difficult. This paper therefore proposes an improved parallel network traffic anomaly detection method based on Bagging and GRU (PB-GRU). The method uses a GRU deep neural network to perform efficient hierarchical feature representation and to learn the time-dependent characteristics of network traffic data, achieving more accurate detection. Spark is then used to run the training and testing of the GRU detectors in parallel to improve overall performance. To reduce the individual differences between parallel detectors and improve the generalization error, the Bagging algorithm is used to improve the training process of the GRU detector, so that the combined GRU detector has better detection performance. Experimental results show that the proposed method achieves a detection accuracy of 99.6%, and the error rate is only 0.0036%. In addition, after parallel processing with Spark, the overall efficiency and scalability are improved.

Acknowledgements

This work was supported by the National Natural Science Foundation of China (No. 61962015), the Natural Science Foundation of Guangxi (No. 2016GXNSFAA380098) and the Science and Technology Program of Guangxi (No. AB17195045).

Author information

Corresponding author

Correspondence to Yang Peng.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Tao, X., Peng, Y., Zhao, F., Wang, S., Liu, Z. (2020). An Improved Parallel Network Traffic Anomaly Detection Method Based on Bagging and GRU. In: Yu, D., Dressler, F., Yu, J. (eds) Wireless Algorithms, Systems, and Applications. WASA 2020. Lecture Notes in Computer Science, vol 12384. Springer, Cham. https://doi.org/10.1007/978-3-030-59016-1_35

  • DOI: https://doi.org/10.1007/978-3-030-59016-1_35

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-59015-4

  • Online ISBN: 978-3-030-59016-1

  • eBook Packages: Computer Science, Computer Science (R0)
