
Adoption and realization of deep learning in network traffic anomaly detection device design

  • Methodologies and Application
  • Soft Computing

Abstract

To study the application of deep learning to the design of a network traffic anomaly detection device, this work targets two common problems in network anomaly detection: feature dependence and a high false positive rate. A convolutional neural network (CNN) is combined with a recurrent neural network (RNN) to propose a deep-learning network anomaly detection method based on hierarchical spatiotemporal feature learning (HAST-NAD). The method learns traffic features automatically and improves the efficiency of network traffic anomaly detection. First, a CNN-based algorithm learns the spatial features of the data, and an algorithm based on the long short-term memory (LSTM) form of RNN learns the temporal features of the data. Then the two original data sets, DARPA1998 and ISCX2012, are preprocessed. On the DARPA1998 data set, the accuracy, detection rate, and false positive rate are compared for normal traffic and for DoS, Probe, U2R, and R2L attack traffic. On the ISCX2012 data set, the accuracy, detection rate, and false positive rate are compared for normal traffic and for Brute force SSH, DDoS, HttpDoS, and buffering attack traffic. Finally, the method is compared with other network traffic anomaly detection methods. The results show that when the network flow length is 800, the model performs well on the DARPA1998 data set (accuracy, detection rate, and false positive rate are 98.68%, 97.78%, and 0.07%, respectively). When the network flow length is 600, the model performs better on the ISCX2012 data set (accuracy, detection rate, and false positive rate are 99.69%, 96.91%, and 0.22%, respectively). In addition, when the packet length is 100 and the number of packets is 6, the model shows high precision, a high detection rate, and a low false positive rate on the ISCX2012 data set. On the same data set, the temporal feature algorithm performs better and has a lower false positive rate than the spatial feature algorithm. Compared with other network traffic anomaly detection methods, HAST-NAD has better overall test results. In conclusion, the combination of CNN and RNN can better realize anomaly detection of network traffic, which has practical application and theoretical value.
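The sketch below is an added example, not code from the article or its authors. It shows how raw flows can be shaped into the two input forms the abstract refers to (a fixed flow length for the spatial model, and a fixed number of fixed-length packets for the spatiotemporal model) and how the three reported metrics are computed. Zero padding, scaling bytes to [0, 1], the function names, and the use of the standard definitions of detection rate and false positive rate are all assumptions.

```python
# Added example: input shaping and evaluation metrics for a CNN/LSTM detector.
# Assumptions: zero padding, bytes scaled to [0, 1], standard metric definitions.

def flow_to_vector(packets, flow_len=800):
    """Concatenate packet bytes, then truncate or zero-pad to flow_len."""
    data = b"".join(packets)[:flow_len]
    data += bytes(flow_len - len(data))
    return [b / 255.0 for b in data]

def flow_to_matrix(packets, n_packets=6, pkt_len=100):
    """Keep the first n_packets, each truncated or zero-padded to pkt_len.

    Each row is one time step for the recurrent layer; short flows are
    padded with all-zero packets so every flow has the same shape.
    """
    kept = list(packets[:n_packets])
    kept += [b""] * (n_packets - len(kept))
    rows = []
    for pkt in kept:
        pkt = pkt[:pkt_len]
        rows.append([b / 255.0 for b in pkt + bytes(pkt_len - len(pkt))])
    return rows

def binary_metrics(y_true, y_pred, normal="normal"):
    """Return (accuracy, detection rate, false positive rate).

    Any non-normal label counts as an attack, so an attack predicted as a
    different attack class is still counted as detected.
    """
    tp = fp = tn = fn = 0
    for t, p in zip(y_true, y_pred):
        is_attack, flagged = t != normal, p != normal
        if is_attack and flagged:
            tp += 1
        elif is_attack:
            fn += 1
        elif flagged:
            fp += 1
        else:
            tn += 1
    accuracy = (tp + tn) / len(y_true) if y_true else 0.0
    detection_rate = tp / (tp + fn) if tp + fn else 0.0
    false_positive_rate = fp / (fp + tn) if fp + tn else 0.0
    return accuracy, detection_rate, false_positive_rate

if __name__ == "__main__":
    # Constructed sample flow: one 150-byte packet and one 20-byte packet.
    sample = [b"\x01" * 150, b"\xff" * 20]
    print(len(flow_to_vector(sample)), len(flow_to_matrix(sample)))
```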



Author information

Corresponding author

Correspondence to Zhonghua Wang.

Ethics declarations

Conflict of interest

All authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Informed consent

Informed consent was obtained from all individual participants included in the study.

Additional information

Communicated by V. Loia.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.


About this article


Cite this article

Wei, G., Wang, Z. Adoption and realization of deep learning in network traffic anomaly detection device design. Soft Comput 25, 1147–1158 (2021). https://doi.org/10.1007/s00500-020-05210-1


  • DOI: https://doi.org/10.1007/s00500-020-05210-1
