This paper uses a correlation dimension based nonlinear analysis approach to analyse the dynamics of network traffics with three different application protocols: HTTP, FTP and SMTP. First, the phase space is reconstructed and the embedding parameters are obtained by the mutual information method. Secondly, the correlation dimensions of three different traffics are calculated and the results of analysis have demonstrated that the dynamics of the three different application protocol traffics is different from each other in nature, i.e. HTTP and FTP traffics are chaotic, furthermore, the former is more complex than the latter; on the other hand, SMTP traffic is stochastic. It is shown that correlation dimension approach is an efficient method to understand and to characterize the nonlinear dynamics of HTTP, FTP and SMTP protocol network traffics. This analysis provided insight into and a more accurate understanding of nonlinear dynamics of internet traffics which have a complex mixture of chaotic and stochastic components.
Abnormal network traffic, as a frequent security risk, requires a series of techniques to categorize and detect it. Existing network traffic anomaly detection still faces challenges: the inability to fully extract local and global features, as well as the lack of effective mechanisms to capture complex interactions between features; additionally, when increasing the receptive field to obtain deeper feature representations, the reliance on increasing network depth leads to a significant increase in computational resource consumption, affecting the efficiency and performance of detection. Based on these issues, firstly, this paper proposes a network traffic anomaly detection model based on parallel dilated convolution and residual learning (Res-PDC). To better explore the interactive relationships between features, the traffic samples are converted into a two-dimensional matrix. A module combining parallel dilated convolutions and residual learning (res-pdc) was designed to extract local and global features of traffic at different scales. By utilizing res-pdc modules with different dilation rates, we can effectively capture spatial features at different scales and explore feature dependencies spanning wider regions without increasing computational resources. Secondly, to focus and integrate the information in different feature subspaces, further enhance and extract the interactions among the features, multi-head attention is added to Res-PDC, resulting in the final model: multi-head attention enhanced parallel dilated convolution and residual learning (MHA-Res-PDC) for network traffic anomaly detection. Finally, comparisons with other machine learning and deep learning algorithms are conducted on the NSL-KDD and CIC-IDS-2018 datasets. The experimental results demonstrate that the proposed method in this paper can effectively improve the detection performance.
Network traffic classification is a crucial research area aimed at improving quality of service, simplifying network management, and enhancing network security. To address the growing complexity of cryptography, researchers have proposed various machine learning and deep learning approaches to tackle this challenge. However, existing mainstream methods face several general issues. On one hand, the widely used Transformer architecture exhibits high computational complexity, which negatively impacts its efficiency. On the other hand, traditional methods are often unreliable in traffic representation, frequently losing important byte information while retaining unnecessary biases. To address these problems, this paper introduces the Swin Transformer architecture into the domain of network traffic classification and proposes the NetST (Network Swin Transformer) model. This model improves the Swin Transformer to better accommodate the characteristics of network traffic, effectively addressing efficiency issues. Furthermore, this paper presents a traffic representation scheme designed to extract meaningful information from large volumes of traffic while minimizing bias. We integrate four datasets relevant to network traffic classification for our experiments, and the results demonstrate that NetST achieves a high accuracy rate while maintaining low memory usage.
With the rise of encrypted traffic, traditional network analysis methods have become less effective, leading to a shift towards deep learning-based approaches. Among these, multimodal learning-based classification methods have gained attention due to their ability to leverage diverse feature sets from encrypted traffic, improving classification accuracy. However, existing research predominantly relies on late fusion techniques, which hinder the full utilization of deep features within the data. To address this limitation, we propose a novel multimodal encrypted traffic classification model that synchronizes modality fusion with multiscale feature extraction. Specifically, our approach performs real-time fusion of modalities at each stage of feature extraction, enhancing feature representation at each level and preserving inter-level correlations for more effective learning. This continuous fusion strategy improves the model’s ability to detect subtle variations in encrypted traffic, while boosting its robustness and adaptability to evolving network conditions. Experimental results on two real-world encrypted traffic datasets demonstrate that our method achieves a classification accuracy of 98.23% and 97.63%, outperforming existing multimodal learning-based methods.
The integration of cloud computing into traditional industrial control systems is accelerating the evolution of Industrial Cyber-Physical System (ICPS), enhancing intelligence and autonomy. However, this transition also expands the attack surface, introducing critical security vulnerabilities. To address these challenges, this article proposes a hybrid intrusion detection scheme for securing ICPSs that combines system state anomaly and network traffic anomaly detection. Specifically, an improved variation-Bayesian-based noise covariance-adaptive nonlinear Kalman filtering (IVB-NCA-NLKF) method is developed to model nonlinear system dynamics, enabling optimal state estimation in multi-sensor ICPS environments. Intrusions within the physical sensing system are identified by analyzing residual discrepancies between predicted and observed system states. Simultaneously, an adaptive network traffic anomaly detection mechanism is introduced, leveraging learned traffic patterns to detect node- and network-level anomalies through pattern matching. Extensive experiments on a simulated network control system demonstrate that the proposed framework achieves higher detection accuracy (92.14%) with a reduced false alarm rate (0.81%). Moreover, it not only detects known attacks and vulnerabilities but also uncovers stealthy attacks that induce system state deviations, providing a robust and comprehensive security solution for the safety protection of ICPS.
With the rapid development of Internet of Things technology, the sharp increase in network devices and their inherent security vulnerabilities present a stark contrast, bringing unprecedented challenges to the field of network security, especially in identifying malicious attacks. However, due to the uneven distribution of network traffic data, particularly the imbalance between attack traffic and normal traffic, as well as the imbalance between minority class attacks and majority class attacks, traditional machine learning detection algorithms have significant limitations when dealing with sparse network traffic data. To effectively tackle this challenge, we have designed a lightweight intrusion detection model based on diffusion mechanisms, named Diff-IDS, with the core objective of enhancing the model’s efficiency in parsing complex network traffic features, thereby significantly improving its detection speed and training efficiency. The model begins by finely filtering network traffic features and converting them into grayscale images, while also employing image-flipping techniques for data augmentation. Subsequently, these preprocessed images are fed into a diffusion model based on the Unet architecture for training. Once the model is trained, we fix the weights of the Unet network and propose a feature enhancement algorithm based on feature masking to further boost the model’s expressiveness. Finally, we devise an end-to-end lightweight detection strategy to streamline the model, enabling efficient lightweight detection of imbalanced samples. Our method has been subjected to multiple experimental tests on renowned network intrusion detection benchmarks, including CICIDS 2017, KDD 99, and NSL-KDD. The experimental results indicate that Diff-IDS leads in terms of detection accuracy, training efficiency, and lightweight metrics compared to the current state-of-the-art models, demonstrating exceptional detection capabilities and robustness.
With a determinate danger zone and evacuation demand caused by an emergency, an optimization method for the evacuation zone with network reconfiguration based on dynamic simulation is proposed. The method contains three modules. First, the network in the evacuation zone is optimized by a model with the integrated strategy of lane reversal and intersection conflict elimination. Secondly, the dynamic evacuation simulation model based on the cell transmission model is applied to simulate the dynamic propagation process of evacuated vehicles in the network in the evacuation zone. The evacuation time for all evacuated vehicles leaving the danger zone is obtained and the setting of the current evacuation zone is fed back. Thirdly, the arrival distributions of evacuated vehicles at critical intersections of the evacuation zone are also obtained to estimate the delay at critical intersection to determine whether the intersection should be taken as the critical intersection in the next iteration. The evacuation zone is expanded gradually through iteration, and the reasonable evacuation zone and the optimal evacuation network is confirmed. Based on the survey of the parking lot and urban street network around Nanjing Olympic Sports Center, the models and the iterative algorithm were applied to obtain the optimal plan of the evacuation zone with network reconfiguration in an evacuation situation to verify the validity of the proposed method.
Nowadays, web systems and servers are constantly at great risk from cyberattacks. This paper proposes a novel approach to detecting abnormal network traffic using a bidirectional long short-term memory (LSTM) network in combination with the ensemble learning technique. First, the binary classification module was used to detect the current abnormal flow. Then, the abnormal flows were fed into the multilayer classification module to identify the specific type of flow. In this research, a deep learning bidirectional LSTM model, in combination with the convolutional neural network and attention technique, was deployed to identify a specific attack. To solve the real-time intrusion-detecting problem, a stacking ensemble-learning model was deployed to detect abnormal intrusion before being transferred to the attack classification module. The class-weight technique was applied to overcome the data imbalance between the attack layers. The results showed that our approach gained good performance and the F1 accuracy on the CICIDS2017 data set reached 99.97%, which is higher than the results obtained in other research.
In this paper we apply the nonlinear time series analysis method to small-time scale traffic measurement data. The prediction-based method is used to determine the embedding dimension of the traffic data. Based on the reconstructed phase space, the local support vector machine prediction method is used to predict the traffic measurement data, and the BIC-based neighbouring point selection method is used to choose the number of the nearest neighbouring points for the local support vector machine regression model. The experimental results show that the local support vector machine prediction method whose neighbouring points are optimized can effectively predict the small-time scale traffic measurement data and can reproduce the statistical features of real traffic measurements.
This paper proposes a method for improving the precision of Network Traffic Prediction based on the Maximum Correntropy Criterion (NTPMCC), where the nonlinear characteristics of network traffic are considered. This method utilizes the MCC as a new error evaluation criterion or named the cost function (CF) to train neural networks (NN). MCC is based on a new similarity function (Generalized correlation entropy function, Correntropy), which has as its foundation the Parzen window evaluation and Renyi entropy of error probability density function. At the same time, by combining the MCC with the Mean Square Error (MSE), a mixed evaluation criterion with MCC and MSE is proposed as a cost function of NN training. According to the traffic network characteristics including the nonlinear, non-Gaussian, and mutation, the Elman neural network is trained by MCC and MCC-MSE, and then the trained neural network is used as the model for predicting network traffic. The simulation results based on the evaluation by Mean Absolute Error (MAE), MSE, and Sum Squared Error (SSE) show that the accuracy of the prediction based on MCC is superior to the results of the Elman neural network with MSE. The overall performance is improved by about 0.0131.
In a given district, the accessibility of any point should be the synthetic evaluation of the internal and external accessibilities. Using MapX component and Delphi, the author presents an information system to calculate and analyze regional accessibility according to the shortest travel time, generating thus a mark diffusing figure. Based on land traffic network, this paper assesses the present and the future regional accessibilities of sixteen major cities in the Yangtze River Delta. The result shows that the regional accessibility of the Yangtze River Delta presents a fan with Shanghai as its core. The top two most accessible cities are Shanghai and Jiaxing, and the bottom two ones are Taizhou (Zhejiang province) and Nantong. With the construction of Sutong Bridge, Hangzhouwan Bridge and Zhoushan Bridge, the regional internal accessibility of all cities will be improved. Especially for Shaoxing, Ningbo and Taizhou (Jiangsu province), the regional internal accessibility will be decreased by one hour, and other cities will be shortened by about 25 minutes averagely. As the construction of Yangkou Harbor in Nantong, the regional external accessibility of the harbor cities in Jiangsu province will be speeded up by about one hour.
Intrusion detection system can make effective alarm for illegality of network users, which is absolutely necessary and important to build security environment of communication base service. According to the principle that the number of network traffic can affect the degree of self-similar traffic, the paper investigates the variety of self-similarity resulted from unconventional network traffic. A network traffic model based on normal behaviors of user is proposed and the Hurst parameter of this model can be calculated. By comparing the Hurst parameter of normal traffic and the self-similar parameter, we can judge whether the network is normal or not and alarm in time.
Network traffic classification is essential in supporting network measurement and management. Many existing traffic classification approaches provide application-level results regardless of the network quality of service (QoS) requirements. In practice, traffic flows from the same application may have irregular network behaviors that should be identified to various QoS classes for best network resource management. To address the issues, we propose to conduct traffic classification with two newly defined QoS-aware features, i.e., inter-APP similarity and intra-APP diversity. The inter-APP similarity represents the close QoS association between the traffic flows that originate from the different Internet applications. The intra-APP diversity describes the QoS variety of the traffic even among those originated from the same Internet application. The core of performing the QoS-aware feature extraction is a Long-Short Term Memory neural network based Autoencoder (LSTM-AE). The QoS-aware features extracted by the encoder part of the LSTM-AE are then clustered into the corresponding QoS classes. Real-life data from multiple applications are collected to evaluate the proposed QoS-aware network traffic classification approach. The evaluation results demonstrate the efficacy of the extracted QoS-aware features in supporting the traffic classification, which can further contribute to future network measurement and management.
Network traffic identification is critical for maintaining network security and further meeting various demands of network applications. However, network traffic data typically possesses high dimensionality and complexity, leading to practical problems in traffic identification data analytics. Since the original Dung Beetle Optimizer (DBO) algorithm, Grey Wolf Optimization (GWO) algorithm, Whale Optimization Algorithm (WOA), and Particle Swarm Optimization (PSO) algorithm have the shortcomings of slow convergence and easily fall into the local optimal solution, an Improved Dung Beetle Optimizer (IDBO) algorithm is proposed for network traffic identification. Firstly, the Sobol sequence is utilized to initialize the dung beetle population, laying the foundation for finding the global optimal solution. Next, an integration of levy flight and golden sine strategy is suggested to give dung beetles a greater probability of exploring unvisited areas, escaping from the local optimal solution, and converging more effectively towards a global optimal solution. Finally, an adaptive weight factor is utilized to enhance the search capabilities of the original DBO algorithm and accelerate convergence. With the improvements above, the proposed IDBO algorithm is then applied to traffic identification data analytics and feature selection, so as to find the optimal subset for K-Nearest Neighbor (KNN) classification. The simulation experiments use the CICIDS2017 dataset to verify the effectiveness of the proposed IDBO algorithm and compare it with the original DBO, GWO, WOA, and PSO algorithms. The experimental results show that, compared with other algorithms, the accuracy and recall are improved by 1.53% and 0.88% in binary classification, and the Distributed Denial of Service (DDoS) class identification is the most effective in multi-classification, with an improvement of 5.80% and 0.33% for accuracy and recall, respectively. Therefore, the proposed IDBO algorithm is effective in increasing the efficiency of traffic identification and solving the problem of the original DBO algorithm that converges slowly and falls into the local optimal solution when dealing with high-dimensional data analytics and feature selection for network traffic identification.
Attacks on websites and network servers are among the most critical threats in network security. Network behavior identification is one of the most effective ways to identify malicious network intrusions. Analyzing abnormal network traffic patterns and traffic classification based on labeled network traffic data are among the most effective approaches for network behavior identification. Traditional methods for network traffic classification utilize algorithms such as Naive Bayes, Decision Tree and XGBoost. However, network traffic classification, which is required for network behavior identification, generally suffers from the problem of low accuracy even with the recently proposed deep learning models. To improve network traffic classification accuracy thus improving network intrusion detection rate, this paper proposes a new network traffic classification model, called ArcMargin, which incorporates metric learning into a convolutional neural network (CNN) to make the CNN model more discriminative. ArcMargin maps network traffic samples from the same category more closely while samples from different categories are mapped as far apart as possible. The metric learning regularization feature is called additive angular margin loss, and it is embedded in the object function of traditional CNN models. The proposed ArcMargin model is validated with three datasets and is compared with several other related algorithms. According to a set of classification indicators, the ArcMargin model is proven to have better performances in both network traffic classification tasks and open-set tasks. Moreover, in open-set tasks, the ArcMargin model can cluster unknown data classes that do not exist in the previous training dataset.
With the increasing dimensionality of network traffic, extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems (IDS). However, both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features, resulting in an analysis that is not an optimal set. Therefore, in order to extract more representative traffic features as well as to improve the accuracy of traffic identification, this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T² and a multilayer convolutional bidirectional long short-term memory (MSC_BiLSTM) classifier model for network traffic intrusion detection. This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory (BiLSTM) network, which fully considers the influence between the before and after features. The network traffic is first characteristically downscaled by principal component analysis (PCA), and then the downscaled principal components are used as input to Hotelling’s T² to compare the differences between groups. For datasets with outliers, Hotelling’s T² can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers. Finally, a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data. The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision, recall and F1-score juxtaposed with the prevailing techniques. The results show that the intrusion detection accuracy, precision, and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%, 95.97%, and 90.22%.
The modeling of network traffic is important for the design and application of networks, but little is known as to the characteristics of distribution of packets in network traffic. In this letter the distribution of packets in network traffic is explored.
The effects of real-time traffic information system (RTTIS) on traffic performance under parallel, grid and ring networks were investigated. The simulation results show that the effects of the proportion of RTTIS usage depend on the road network structures. For traffic on a parallel network, the performance of groups with and without RTTIS level is improved when the proportion of vehicles using RTTIS is greater than 0 and less than 30%, and a proportion of RTTIS usage higher than 90% would actually deteriorate the performance. For both grid and ring networks, a higher proportion of RTTIS usage always improves the performance of groups with and without RTTIS. For all three network structures, vehicles without RTTIS benefit from some proportion of RTTIS usage in a system.
Traffic network is an important aspect of researching controllable parameters of an urban spatial morphology. Based on GIS, traffic network structure complexity can be understood by using fractal geometry in which the length-radius dimension describes change of network density, and ramification-radius dimension describes complexity and accessibility of urban network. It is propitious to analyze urban traffic network and to understand dynamic change process of traffic network using expanding fractal-dimension quantification. Meanwhile the length-radius dimension and ramification-radius dimension could be regarded as reference factor of quantitative describing urban traffic network.
Network traffic prediction models can be grouped into two types, single models and combined ones. Combined models integrate several single models and thus can improve prediction accuracy. Based on wavelet transform, grey theory, and chaos theory, this paper proposes a novel combined model, wavelet-grey-chaos (WGC), for network traffic prediction. In the WGC model, we develop a time series decomposition method without the boundary problem by modifying the standard à trous algorithm, decompose the network traffic into two parts, the residual part and the burst part to alleviate the accumulated error problem, and employ the grey model GM(1,1) and chaos model to predict the residual part and the burst part respectively. Simulation results on real network traffic show that the WGC model does improve prediction accuracy.
Funding: Project supported in part by the National High Technology Research and Development Program of China (Grant No. 2007AA01Z480)
Abstract: This paper uses a correlation dimension based nonlinear analysis approach to analyse the dynamics of network traffics with three different application protocols: HTTP, FTP and SMTP. First, the phase space is reconstructed and the embedding parameters are obtained by the mutual information method. Secondly, the correlation dimensions of three different traffics are calculated and the results of analysis have demonstrated that the dynamics of the three different application protocol traffics is different from each other in nature, i.e. HTTP and FTP traffics are chaotic, furthermore, the former is more complex than the latter; on the other hand, SMTP traffic is stochastic. It is shown that correlation dimension approach is an efficient method to understand and to characterize the nonlinear dynamics of HTTP, FTP and SMTP protocol network traffics. This analysis provided insight into and a more accurate understanding of nonlinear dynamics of internet traffics which have a complex mixture of chaotic and stochastic components.
Funding: Supported by the Xiamen Science and Technology Subsidy Project (No. 2023CXY0318).
Abstract: Abnormal network traffic, as a frequent security risk, requires a series of techniques to categorize and detect it. Existing network traffic anomaly detection still faces challenges: the inability to fully extract local and global features, as well as the lack of effective mechanisms to capture complex interactions between features; additionally, when increasing the receptive field to obtain deeper feature representations, the reliance on increasing network depth leads to a significant increase in computational resource consumption, affecting the efficiency and performance of detection. Based on these issues, firstly, this paper proposes a network traffic anomaly detection model based on parallel dilated convolution and residual learning (Res-PDC). To better explore the interactive relationships between features, the traffic samples are converted into a two-dimensional matrix. A module combining parallel dilated convolutions and residual learning (res-pdc) was designed to extract local and global features of traffic at different scales. By utilizing res-pdc modules with different dilation rates, we can effectively capture spatial features at different scales and explore feature dependencies spanning wider regions without increasing computational resources. Secondly, to focus and integrate the information in different feature subspaces, further enhance and extract the interactions among the features, multi-head attention is added to Res-PDC, resulting in the final model: multi-head attention enhanced parallel dilated convolution and residual learning (MHA-Res-PDC) for network traffic anomaly detection. Finally, comparisons with other machine learning and deep learning algorithms are conducted on the NSL-KDD and CIC-IDS-2018 datasets. The experimental results demonstrate that the proposed method in this paper can effectively improve the detection performance.
Funding: Supported by National Natural Science Foundation of China (62473341) and Key Technologies R&D Program of Henan Province (242102211071, 252102211086, 252102210166).
Abstract: Network traffic classification is a crucial research area aimed at improving quality of service, simplifying network management, and enhancing network security. To address the growing complexity of cryptography, researchers have proposed various machine learning and deep learning approaches to tackle this challenge. However, existing mainstream methods face several general issues. On one hand, the widely used Transformer architecture exhibits high computational complexity, which negatively impacts its efficiency. On the other hand, traditional methods are often unreliable in traffic representation, frequently losing important byte information while retaining unnecessary biases. To address these problems, this paper introduces the Swin Transformer architecture into the domain of network traffic classification and proposes the NetST (Network Swin Transformer) model. This model improves the Swin Transformer to better accommodate the characteristics of network traffic, effectively addressing efficiency issues. Furthermore, this paper presents a traffic representation scheme designed to extract meaningful information from large volumes of traffic while minimizing bias. We integrate four datasets relevant to network traffic classification for our experiments, and the results demonstrate that NetST achieves a high accuracy rate while maintaining low memory usage.
Funding: Supported by the National Key Research and Development Program of China No. 2023YFB2705000.
Abstract: With the rise of encrypted traffic, traditional network analysis methods have become less effective, leading to a shift towards deep learning-based approaches. Among these, multimodal learning-based classification methods have gained attention due to their ability to leverage diverse feature sets from encrypted traffic, improving classification accuracy. However, existing research predominantly relies on late fusion techniques, which hinder the full utilization of deep features within the data. To address this limitation, we propose a novel multimodal encrypted traffic classification model that synchronizes modality fusion with multiscale feature extraction. Specifically, our approach performs real-time fusion of modalities at each stage of feature extraction, enhancing feature representation at each level and preserving inter-level correlations for more effective learning. This continuous fusion strategy improves the model’s ability to detect subtle variations in encrypted traffic, while boosting its robustness and adaptability to evolving network conditions. Experimental results on two real-world encrypted traffic datasets demonstrate that our method achieves a classification accuracy of 98.23% and 97.63%, outperforming existing multimodal learning-based methods.
Funding: Supported by the National Natural Science Foundation of China (NSFC) under Grant No. 62371187 and the Hunan Provincial Natural Science Foundation of China under Grant Nos. 2024JJ8309 and 2023JJ50495.
Abstract: The integration of cloud computing into traditional industrial control systems is accelerating the evolution of Industrial Cyber-Physical System (ICPS), enhancing intelligence and autonomy. However, this transition also expands the attack surface, introducing critical security vulnerabilities. To address these challenges, this article proposes a hybrid intrusion detection scheme for securing ICPSs that combines system state anomaly and network traffic anomaly detection. Specifically, an improved variation-Bayesian-based noise covariance-adaptive nonlinear Kalman filtering (IVB-NCA-NLKF) method is developed to model nonlinear system dynamics, enabling optimal state estimation in multi-sensor ICPS environments. Intrusions within the physical sensing system are identified by analyzing residual discrepancies between predicted and observed system states. Simultaneously, an adaptive network traffic anomaly detection mechanism is introduced, leveraging learned traffic patterns to detect node- and network-level anomalies through pattern matching. Extensive experiments on a simulated network control system demonstrate that the proposed framework achieves higher detection accuracy (92.14%) with a reduced false alarm rate (0.81%). Moreover, it not only detects known attacks and vulnerabilities but also uncovers stealthy attacks that induce system state deviations, providing a robust and comprehensive security solution for the safety protection of ICPS.
Funding: Supported by the Key Research and Development Program of Hainan Province (Grant Nos. ZDYF2024GXJS014, ZDYF2023GXJS163), the National Natural Science Foundation of China (NSFC) (Grant Nos. 62162022, 62162024), and the Collaborative Innovation Project of Hainan University (XTCX2022XXB02).
Abstract: With the rapid development of Internet of Things technology, the sharp increase in network devices and their inherent security vulnerabilities present a stark contrast, bringing unprecedented challenges to the field of network security, especially in identifying malicious attacks. However, due to the uneven distribution of network traffic data, particularly the imbalance between attack traffic and normal traffic, as well as the imbalance between minority class attacks and majority class attacks, traditional machine learning detection algorithms have significant limitations when dealing with sparse network traffic data. To effectively tackle this challenge, we have designed a lightweight intrusion detection model based on diffusion mechanisms, named Diff-IDS, with the core objective of enhancing the model’s efficiency in parsing complex network traffic features, thereby significantly improving its detection speed and training efficiency. The model begins by finely filtering network traffic features and converting them into grayscale images, while also employing image-flipping techniques for data augmentation. Subsequently, these preprocessed images are fed into a diffusion model based on the Unet architecture for training. Once the model is trained, we fix the weights of the Unet network and propose a feature enhancement algorithm based on feature masking to further boost the model’s expressiveness. Finally, we devise an end-to-end lightweight detection strategy to streamline the model, enabling efficient lightweight detection of imbalanced samples. Our method has been subjected to multiple experimental tests on renowned network intrusion detection benchmarks, including CICIDS 2017, KDD 99, and NSL-KDD. The experimental results indicate that Diff-IDS leads in terms of detection accuracy, training efficiency, and lightweight metrics compared to the current state-of-the-art models, demonstrating exceptional detection capabilities and robustness.
Funding: The National Natural Science Foundation of China (No. 51408190)
Abstract: With a determinate danger zone and evacuation demand caused by an emergency, an optimization method for the evacuation zone with network reconfiguration based on dynamic simulation is proposed. The method contains three modules. First, the network in the evacuation zone is optimized by a model with the integrated strategy of lane reversal and intersection conflict elimination. Secondly, the dynamic evacuation simulation model based on the cell transmission model is applied to simulate the dynamic propagation process of evacuated vehicles in the network in the evacuation zone. The evacuation time for all evacuated vehicles leaving the danger zone is obtained and the setting of the current evacuation zone is fed back. Thirdly, the arrival distributions of evacuated vehicles at critical intersections of the evacuation zone are also obtained to estimate the delay at critical intersection to determine whether the intersection should be taken as the critical intersection in the next iteration. The evacuation zone is expanded gradually through iteration, and the reasonable evacuation zone and the optimal evacuation network are confirmed. Based on the survey of the parking lot and urban street network around Nanjing Olympic Sports Center, the models and the iterative algorithm were applied to obtain the optimal plan of the evacuation zone with network reconfiguration in an evacuation situation to verify the validity of the proposed method.
Abstract: Nowadays, web systems and servers are constantly at great risk from cyberattacks. This paper proposes a novel approach to detecting abnormal network traffic using a bidirectional long short-term memory (LSTM) network in combination with the ensemble learning technique. First, the binary classification module was used to detect the current abnormal flow. Then, the abnormal flows were fed into the multilayer classification module to identify the specific type of flow. In this research, a deep learning bidirectional LSTM model, in combination with the convolutional neural network and attention technique, was deployed to identify a specific attack. To solve the real-time intrusion-detecting problem, a stacking ensemble-learning model was deployed to detect abnormal intrusion before being transferred to the attack classification module. The class-weight technique was applied to overcome the data imbalance between the attack layers. The results showed that our approach gained good performance and the F1 accuracy on the CICIDS2017 data set reached 99.97%, which is higher than the results obtained in other research.
Funding: Project supported by the National Natural Science Foundation of China (Grant No 60573065), the Natural Science Foundation of Shandong Province, China (Grant No Y2007G33), and the Key Subject Research Foundation of Shandong Province, China (Grant No XTD0708)
Abstract: In this paper we apply the nonlinear time series analysis method to small-time scale traffic measurement data. The prediction-based method is used to determine the embedding dimension of the traffic data. Based on the reconstructed phase space, the local support vector machine prediction method is used to predict the traffic measurement data, and the BIC-based neighbouring point selection method is used to choose the number of the nearest neighbouring points for the local support vector machine regression model. The experimental results show that the local support vector machine prediction method whose neighbouring points are optimized can effectively predict the small-time scale traffic measurement data and can reproduce the statistical features of real traffic measurements.
Funding: Supported in part by the National Natural Science Foundation of China under Grant No. 61071126 and the National Radio Project under Grants No. 2010ZX03004001, No. 2010ZX03004-002, No. 2011ZX03002001
Abstract: This paper proposes a method for improving the precision of Network Traffic Prediction based on the Maximum Correntropy Criterion (NTPMCC), where the nonlinear characteristics of network traffic are considered. This method utilizes the MCC as a new error evaluation criterion or named the cost function (CF) to train neural networks (NN). MCC is based on a new similarity function (Generalized correlation entropy function, Correntropy), which has as its foundation the Parzen window evaluation and Renyi entropy of error probability density function. At the same time, by combining the MCC with the Mean Square Error (MSE), a mixed evaluation criterion with MCC and MSE is proposed as a cost function of NN training. According to the traffic network characteristics including the nonlinear, non-Gaussian, and mutation, the Elman neural network is trained by MCC and MCC-MSE, and then the trained neural network is used as the model for predicting network traffic. The simulation results based on the evaluation by Mean Absolute Error (MAE), MSE, and Sum Squared Error (SSE) show that the accuracy of the prediction based on MCC is superior to the results of the Elman neural network with MSE. The overall performance is improved by about 0.0131.
Funding: National Natural Science Foundation of China, No. 40371044, No. 70573053
Abstract: In a given district, the accessibility of any point should be the synthetic evaluation of the internal and external accessibilities. Using MapX component and Delphi, the author presents an information system to calculate and analyze regional accessibility according to the shortest travel time, generating thus a mark diffusing figure. Based on land traffic network, this paper assesses the present and the future regional accessibilities of sixteen major cities in the Yangtze River Delta. The result shows that the regional accessibility of the Yangtze River Delta presents a fan with Shanghai as its core. The top two most accessible cities are Shanghai and Jiaxing, and the bottom two ones are Taizhou (Zhejiang province) and Nantong. With the construction of Sutong Bridge, Hangzhouwan Bridge and Zhoushan Bridge, the regional internal accessibility of all cities will be improved. Especially for Shaoxing, Ningbo and Taizhou (Jiangsu province), the regional internal accessibility will be decreased by one hour, and other cities will be shortened by about 25 minutes on average. As the construction of Yangkou Harbor in Nantong, the regional external accessibility of the harbor cities in Jiangsu province will be speeded up by about one hour.
Abstract: Intrusion detection system can make effective alarm for illegality of network users, which is absolutely necessary and important to build security environment of communication base service. According to the principle that the number of network traffic can affect the degree of self-similar traffic, the paper investigates the variety of self-similarity resulted from unconventional network traffic. A network traffic model based on normal behaviors of user is proposed and the Hurst parameter of this model can be calculated. By comparing the Hurst parameter of normal traffic and the self-similar parameter, we can judge whether the network is normal or not and alarm in time.
Abstract: Network traffic classification is essential in supporting network measurement and management. Many existing traffic classification approaches provide application-level results regardless of the network quality of service (QoS) requirements. In practice, traffic flows from the same application may have irregular network behaviors that should be identified to various QoS classes for best network resource management. To address the issues, we propose to conduct traffic classification with two newly defined QoS-aware features, i.e., inter-APP similarity and intra-APP diversity. The inter-APP similarity represents the close QoS association between the traffic flows that originate from the different Internet applications. The intra-APP diversity describes the QoS variety of the traffic even among those originated from the same Internet application. The core of performing the QoS-aware feature extraction is a Long-Short Term Memory neural network based Autoencoder (LSTM-AE). The QoS-aware features extracted by the encoder part of the LSTM-AE are then clustered into the corresponding QoS classes. Real-life data from multiple applications are collected to evaluate the proposed QoS-aware network traffic classification approach. The evaluation results demonstrate the efficacy of the extracted QoS-aware features in supporting the traffic classification, which can further contribute to future network measurement and management.
Funding: Supported by the National Natural Science Foundation of China under Grant 61602162 and the Hubei Provincial Science and Technology Plan Project under Grant 2023BCB041.
Abstract: Network traffic identification is critical for maintaining network security and further meeting various demands of network applications. However, network traffic data typically possesses high dimensionality and complexity, leading to practical problems in traffic identification data analytics. Since the original Dung Beetle Optimizer (DBO) algorithm, Grey Wolf Optimization (GWO) algorithm, Whale Optimization Algorithm (WOA), and Particle Swarm Optimization (PSO) algorithm have the shortcomings of slow convergence and easily fall into the local optimal solution, an Improved Dung Beetle Optimizer (IDBO) algorithm is proposed for network traffic identification. Firstly, the Sobol sequence is utilized to initialize the dung beetle population, laying the foundation for finding the global optimal solution. Next, an integration of levy flight and golden sine strategy is suggested to give dung beetles a greater probability of exploring unvisited areas, escaping from the local optimal solution, and converging more effectively towards a global optimal solution. Finally, an adaptive weight factor is utilized to enhance the search capabilities of the original DBO algorithm and accelerate convergence. With the improvements above, the proposed IDBO algorithm is then applied to traffic identification data analytics and feature selection, so as to find the optimal subset for K-Nearest Neighbor (KNN) classification. The simulation experiments use the CICIDS2017 dataset to verify the effectiveness of the proposed IDBO algorithm and compare it with the original DBO, GWO, WOA, and PSO algorithms. The experimental results show that, compared with other algorithms, the accuracy and recall are improved by 1.53% and 0.88% in binary classification, and the Distributed Denial of Service (DDoS) class identification is the most effective in multi-classification, with an improvement of 5.80% and 0.33% for accuracy and recall, respectively. Therefore, the proposed IDBO algorithm is effective in increasing the efficiency of traffic identification and solving the problem of the original DBO algorithm that converges slowly and falls into the local optimal solution when dealing with high-dimensional data analytics and feature selection for network traffic identification.
Funding: This work was supported by the National Natural Science Foundation of China (61871046).
Abstract: Attacks on websites and network servers are among the most critical threats in network security. Network behavior identification is one of the most effective ways to identify malicious network intrusions. Analyzing abnormal network traffic patterns and traffic classification based on labeled network traffic data are among the most effective approaches for network behavior identification. Traditional methods for network traffic classification utilize algorithms such as Naive Bayes, Decision Tree and XGBoost. However, network traffic classification, which is required for network behavior identification, generally suffers from the problem of low accuracy even with the recently proposed deep learning models. To improve network traffic classification accuracy thus improving network intrusion detection rate, this paper proposes a new network traffic classification model, called ArcMargin, which incorporates metric learning into a convolutional neural network (CNN) to make the CNN model more discriminative. ArcMargin maps network traffic samples from the same category more closely while samples from different categories are mapped as far apart as possible. The metric learning regularization feature is called additive angular margin loss, and it is embedded in the object function of traditional CNN models. The proposed ArcMargin model is validated with three datasets and is compared with several other related algorithms. According to a set of classification indicators, the ArcMargin model is proven to have better performances in both network traffic classification tasks and open-set tasks. Moreover, in open-set tasks, the ArcMargin model can cluster unknown data classes that do not exist in the previous training dataset.
Funding: Supported by Tianshan Talent Training Project-Xinjiang Science and Technology Innovation Team Program (2023TSYCTD).
Abstract: With the increasing dimensionality of network traffic, extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems (IDS). However, both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features, resulting in an analysis that is not an optimal set. Therefore, in order to extract more representative traffic features as well as to improve the accuracy of traffic identification, this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^2 and a multilayer convolutional bidirectional long short-term memory (MSC_BiLSTM) classifier model for network traffic intrusion detection. This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory (BiLSTM) network, which fully considers the influence between the before and after features. The network traffic is first characteristically downscaled by principal component analysis (PCA), and then the downscaled principal components are used as input to Hotelling’s T^2 to compare the differences between groups. For datasets with outliers, Hotelling’s T^2 can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers. Finally, a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data. The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision, recall and F1-score juxtaposed with the prevailing techniques. The results show that the intrusion detection accuracy, precision, and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%, 95.97%, and 90.22%.
Abstract: The modeling of network traffic is important for the design and application of networks, but little is known as to the characteristics of distribution of packets in network traffic. In this letter the distribution of packets in network traffic is explored.
Abstract: The effects of real-time traffic information system (RTTIS) on traffic performance under parallel, grid and ring networks were investigated. The simulation results show that the effects of the proportion of RTTIS usage depend on the road network structures. For traffic on a parallel network, the performance of groups with and without RTTIS level is improved when the proportion of vehicles using RTTIS is greater than 0 and less than 30%, and a proportion of RTTIS usage higher than 90% would actually deteriorate the performance. For both grid and ring networks, a higher proportion of RTTIS usage always improves the performance of groups with and without RTTIS. For all three network structures, vehicles without RTTIS benefit from some proportion of RTTIS usage in a system.
Abstract: Traffic network is an important aspect of researching controllable parameters of an urban spatial morphology. Based on GIS, traffic network structure complexity can be understood by using fractal geometry in which the length-radius dimension describes change of network density, and ramification-radius dimension describes complexity and accessibility of urban network. It is propitious to analyze urban traffic network and to understand dynamic change process of traffic network using expanding fractal-dimension quantification. Meanwhile the length-radius dimension and ramification-radius dimension could be regarded as reference factor of quantitative describing urban traffic network.
Funding: Project supported by National Basic Research Program of China (Grant Nos 2009CB320505 and 2009CB320504) and National High Technology Research and Development Program of China (Grant Nos 2006AA01Z235, 2007AA01Z206 and 2009AA01Z210)
Abstract: Network traffic prediction models can be grouped into two types, single models and combined ones. Combined models integrate several single models and thus can improve prediction accuracy. Based on wavelet transform, grey theory, and chaos theory, this paper proposes a novel combined model, wavelet-grey-chaos (WGC), for network traffic prediction. In the WGC model, we develop a time series decomposition method without the boundary problem by modifying the standard à trous algorithm, decompose the network traffic into two parts, the residual part and the burst part to alleviate the accumulated error problem, and employ the grey model GM(1,1) and chaos model to predict the residual part and the burst part respectively. Simulation results on real network traffic show that the WGC model does improve prediction accuracy.