Funding: supported by the National Natural Science Foundation of China under Grant 61602162 and the Hubei Provincial Science and Technology Plan Project under Grant 2023BCB041.
Abstract: Nowadays, abnormal traffic detection for Software-Defined Networking (SDN) faces the challenges of large data volume and high dimensionality. Since traditional machine learning-based detection methods have the problem of data redundancy, the Metaheuristic Algorithm (MA) is introduced to select features before machine learning to reduce the dimensionality of data. Since a Tyrannosaurus Optimization Algorithm (TROA) has the advantages of few parameters, simple implementation, and fast convergence, and it shows better results in feature selection, TROA can be applied to abnormal traffic detection for SDN. However, TROA suffers from insufficient global search capability, is easily trapped in local optimums, and has poor search accuracy. Then, this paper tries to improve TROA, namely the Improved Tyrannosaurus Optimization Algorithm (ITROA). It proposes a metaheuristic-driven abnormal traffic detection model for SDN based on ITROA. Finally, the validity of the ITROA is verified by the benchmark function and the UCI dataset, and the feature selection optimization operation is performed on the InSDN dataset by ITROA and other MAs to obtain the optimized feature subset for SDN abnormal traffic detection. The experiment shows that the performance of the proposed ITROA outperforms compared MAs in terms of the metaheuristic-driven model for SDN, achieving an accuracy of 99.37% on binary classification and 96.73% on multiclassification.
Funding: supported by the National Natural Science Foundation of China (Grant No. 62102449).
Abstract: To address the limitations of existing abnormal traffic detection methods, such as insufficient temporal and spatial feature extraction, high false positive rate (FPR), poor generalization, and class imbalance, this study proposed an intelligent detection method that combines a Stacked Convolutional Network (SCN), Bidirectional Long Short-Term Memory (BiLSTM) network, and Equalization Loss v2 (EQL v2). This method was divided into two components: a feature extraction model and a classification and detection model. First, SCN was constructed by combining a Convolutional Neural Network (CNN) with a Depthwise Separable Convolution (DSC) network to capture the abstract spatial features of traffic data. These features were then input into the BiLSTM to capture temporal dependencies. An attention mechanism was incorporated after SCN and BiLSTM to enhance the extraction of key spatiotemporal features. To address class imbalance, the classification detection model applied EQL v2 to adjust the weights of the minority classes, ensuring that they received equal focus during training. The experimental results indicated that the proposed method outperformed the existing methods in terms of accuracy, FPR, and F1-score and significantly improved the identification rate of minority classes.
Funding: supported by the Key Research and Development Program of Xinjiang Uygur Autonomous Region (No. 2022B01008), the National Natural Science Foundation of China (No. 62363032), the Natural Science Foundation of Xinjiang Uygur Autonomous Region (No. 2023D01C20), the Scientific Research Foundation of Higher Education (No. XJEDU2022P011), National Science and Technology Major Project (No. 2022ZD0115803), Tianshan Innovation Team Program of Xinjiang Uygur Autonomous Region (No. 2023D14012), and the “Heaven Lake Doctor” Project (No. 202104120018).
Abstract: Along with the progression of Internet of Things (IoT) technology, network terminals are becoming continuously more intelligent. IoT has been widely applied in various scenarios, including urban infrastructure, transportation, industry, personal life, and other socio-economic fields. The introduction of deep learning has brought new security challenges, like an increment in abnormal traffic, which threatens network security. Insufficient feature extraction leads to less accurate classification results. In abnormal traffic detection, the data of network traffic is high-dimensional and complex. This data not only increases the computational burden of model training but also makes information extraction more difficult. To address these issues, this paper proposes an MD-MRD-ResNeXt model for abnormal network traffic detection. To fully utilize the multi-scale information in network traffic, a Multi-scale Dilated feature extraction (MD) block is introduced. This module can effectively understand and process information at various scales and uses dilated convolution technology to significantly broaden the model’s receptive field. The proposed Max-feature-map Residual with Dual-channel pooling (MRD) block integrates the maximum feature map with the residual block. This module ensures the model focuses on key information, thereby optimizing computational efficiency and reducing unnecessary information redundancy. Experimental results show that compared to the latest methods, the proposed abnormal traffic detection model improves accuracy by about 2%.
Funding: supported by the National Natural Science Foundation of China (NSFC) under Grant No. 62371187 and the Hunan Provincial Natural Science Foundation of China under Grant Nos. 2024JJ8309 and 2023JJ50495.
Abstract: The integration of cloud computing into traditional industrial control systems is accelerating the evolution of Industrial Cyber-Physical System (ICPS), enhancing intelligence and autonomy. However, this transition also expands the attack surface, introducing critical security vulnerabilities. To address these challenges, this article proposes a hybrid intrusion detection scheme for securing ICPSs that combines system state anomaly and network traffic anomaly detection. Specifically, an improved variation-Bayesian-based noise covariance-adaptive nonlinear Kalman filtering (IVB-NCA-NLKF) method is developed to model nonlinear system dynamics, enabling optimal state estimation in multi-sensor ICPS environments. Intrusions within the physical sensing system are identified by analyzing residual discrepancies between predicted and observed system states. Simultaneously, an adaptive network traffic anomaly detection mechanism is introduced, leveraging learned traffic patterns to detect node- and network-level anomalies through pattern matching. Extensive experiments on a simulated network control system demonstrate that the proposed framework achieves higher detection accuracy (92.14%) with a reduced false alarm rate (0.81%). Moreover, it not only detects known attacks and vulnerabilities but also uncovers stealthy attacks that induce system state deviations, providing a robust and comprehensive security solution for the safety protection of ICPS.
Abstract: Nowadays, web systems and servers are constantly at great risk from cyberattacks. This paper proposes a novel approach to detecting abnormal network traffic using a bidirectional long short-term memory (LSTM) network in combination with the ensemble learning technique. First, the binary classification module was used to detect the current abnormal flow. Then, the abnormal flows were fed into the multilayer classification module to identify the specific type of flow. In this research, a deep learning bidirectional LSTM model, in combination with the convolutional neural network and attention technique, was deployed to identify a specific attack. To solve the real-time intrusion-detecting problem, a stacking ensemble-learning model was deployed to detect abnormal intrusion before being transferred to the attack classification module. The class-weight technique was applied to overcome the data imbalance between the attack layers. The results showed that our approach gained good performance and the F1 accuracy on the CICIDS2017 data set reached 99.97%, which is higher than the results obtained in other research.
Funding: Shanghai Education Commission Foundation for Excellent Young High Education Teachers, China (No. xqz05001, No. YYY-07008).
Abstract: The research intends to solve the problem of the occupation of bandwidth of local network by abnormal traffic which affects normal user's network behaviors. Firstly, a new algorithm in this paper named danger-theory-based abnormal traffic detection was presented. Then an advanced ID3 algorithm was presented to classify the abnormal traffic. Finally a new model of anomaly traffic detection was built upon the two algorithms above and the detection results were integrated with firewall. The firewall limits the bandwidth based on different types of abnormal traffic. Experiments show the outstanding performance of the proposed approach in real-time property, high detection rate, and unsupervised learning.
Funding: the Six Heights of Talent in Jiangsu Province (No. 06-E-044).
Abstract: The paper puts forward a variance-time plots method based on slide-window mechanism to calculate the Hurst parameter to detect Distributed Denial of Service (DDoS) attack in real time. Based on fuzzy logic technology that can adjust itself dynamically under the fuzzy rules, an intelligent DDoS judgment mechanism is designed. This new method calculates the Hurst parameter quickly and detects DDoS attack in real time. Through comparing the detecting technologies based on statistics and feature-packet respectively under different experiments, it is found that the new method can identify the change of the Hurst parameter resulting from DDoS attack traffic with different intensities, and intelligently judge DDoS attack self-adaptively in real time.
Funding: supported by the National Natural Science Foundation of China (Grant No. 52172310).
Abstract: In the complex urban road traffic network, a sudden accident leads to rapid congestion in the nearby traffic region, which even makes the local traffic network capacity quickly reduce. Therefore, an efficient monitoring system for abnormal conditions of the urban road network plays a crucial role in the tolerance of the urban road network. The traditional traffic monitoring system not only costs a lot in construction and maintenance, but also may not cover the road network comprehensively, which could not meet the basic needs of traffic management. Only a more comprehensive and intelligent monitoring method is able to identify traffic anomalies more effectively and quickly, so that it can provide more effective support for traffic management decisions. The extensive use of positioning equipment made us able to obtain accurate trajectory data. This paper presents a traffic anomaly monitoring and prediction method based on vehicle trajectory data. This model uses deep learning to detect abnormal trajectory on the traffic road network. The method effectively analyses the abnormal source and potential anomaly to judge the abnormal region, which provides an important reference for the traffic department to take effective traffic control measures. Finally, the paper uses Internet vehicle trajectory data from Chengdu (China) to test and obtains an accurate result.