Applied Sciences (May 2022)
One-Class LSTM Network for Anomalous Network Traffic Detection
Abstract
Artificial intelligence-assisted security is an important field of research in information security. One of its most important tasks is to distinguish between normal and abnormal network traffic (such as malicious or sudden traffic). Traffic data are usually extremely unbalanced, which seriously hinders the detection of outliers. The identification of outliers in unbalanced datasets has therefore become a key issue. To address this challenge, there is increasing interest in one-class classification methods, which train models on samples of a single given class. In this paper, long short-term memory (LSTM) is introduced into one-class classification, and a one-class LSTM (OC-LSTM) is proposed based on the traditional one-class support vector machine (OC-SVM). In contrast with other hybrid deep learning methods based on auto-encoders, the proposed method is an end-to-end training network that uses a loss function similar to the OC-SVM optimization objective for model training. A comprehensive experiment on three large, complex network traffic datasets showed that this method is superior to the traditional shallow method and the most advanced deep method. Furthermore, the proposed method can provide an effective reference for anomaly detection research in the field of network security, especially for the application of one-class classification.
Keywords