Jisuanji kexue (Mar 2023)
Semi-supervised Network Traffic Anomaly Detection Method Based on GRU
Abstract
Intrusion detection system(IDS) is a detection system that can issue an alarm when a network attack occurs.Detecting unknown attacks in the network is a challenge that IDS faces.Deep learning technology plays an important role in network traffic anomaly detection,but most of the existing methods have a high false positive rate and most of the models are trained using supervised learning methods.A gated recurrent unit network(GRU)-based semi-supervised network traffic anomaly detection me-thod(SEMI-GRU) is proposed,which combines a multi-layer bidirectional gated recurrent unit neural network(MLB-GRU) and an improved feedforward neural network(FNN).Data oversampling technology and semi-supervised learning training method are used to test the effect of network traffic anomaly detection using binary classification and multi-classification methods,and NSL-KDD,UNSW-NB15 and CIC-Bell-DNS-EXF-2021 datasets are used for verification.Compared with classic machine learning mo-dels and deep learning models such as DNN and ANN,the SEMI-GRU method outperforms the machines lear-ning and deep learning methods listed in this paper in terms of accuracy,precision,recall,false positives,and F1 scores.In the NSL-KDD binary and multi-class tasks,SEMI-GRU outperforms other methods on the F1 score metric,which is 93.08% and 82.15%,respectively.In the UNSW-NB15 binary and multi-class tasks,SEMI-GRU outperforms the other methods on the F1 score,which is 88.13% and 75.24%,respectively.In the CIC-Bell-DNS-EXF-2021 light file attack dataset binary classification task,all test data are classified correctly.
Keywords
