Abstract: Accurate cellular network traffic prediction is a crucial task to access Internet services for various devices at any time. With the use of mobile devices, communication services generate numerous data for every moment. Given the increasing dense population of data, traffic learning and prediction are the main components to substantially enhance the effectiveness of demand-aware resource allocation. A novel deep learning technique called radial kernelized LSTM-based connectionist Tversky multilayer deep structure learning (RKLSTM-CTMDSL) model is introduced for traffic prediction with superior accuracy and minimal time consumption. The RKLSTM-CTMDSL model performs attribute selection and classification processes for cellular traffic prediction. In this model, the connectionist Tversky multilayer deep structure learning includes multiple layers for traffic prediction. A large volume of spatial-temporal data are considered as an input-to-input layer. Thereafter, input data are transmitted to hidden layer 1, where a radial kernelized long short-term memory architecture is designed for the relevant attribute selection using activation function results. After obtaining the relevant attributes, the selected attributes are given to the next layer. Tversky index function is used in this layer to compute similarities among the training and testing traffic patterns. Tversky similarity index outcomes are given to the output layer. Similarity value is used as basis to classify data as heavy network or normal traffic. Thus, cellular network traffic prediction is presented with minimal error rate using the RKLSTM-CTMDSL model. Comparative evaluation proved that the RKLSTM-CTMDSL model outperforms conventional methods.
Abstract: Because of an explosive growth of the intrusions, necessity of anomaly-based Intrusion Detection Systems (IDSs) which are capable of detecting novel attacks, is increasing. Among those systems, flow-based detection systems which use a series of packets exchanged between two terminals as a unit of observation, have an advantage of being able to detect anomaly which is included in only some specific sessions. However, in large-scale networks where a large number of communications takes place, analyzing every flow is not practical. On the other hand, timeslot-based detection systems need not prepare a number of buffers although it is difficult to specify anomaly communications. In this paper, we propose a multi-stage anomaly detection system which is a combination of timeslot-based and flow-based detectors. The proposed system can reduce the number of flows which need to be subjected to flow-based analysis but yet exhibits high detection accuracy. Through experiments using data set, we present the effectiveness of the proposed method.
Abstract: To address the limitations of existing abnormal traffic detection methods, such as insufficient temporal and spatial feature extraction, high false positive rate (FPR), poor generalization, and class imbalance, this study proposed an intelligent detection method that combines a Stacked Convolutional Network (SCN), Bidirectional Long Short-Term Memory (BiLSTM) network, and Equalization Loss v2 (EQL v2). This method was divided into two components: a feature extraction model and a classification and detection model. First, SCN was constructed by combining a Convolutional Neural Network (CNN) with a Depthwise Separable Convolution (DSC) network to capture the abstract spatial features of traffic data. These features were then input into the BiLSTM to capture temporal dependencies. An attention mechanism was incorporated after SCN and BiLSTM to enhance the extraction of key spatiotemporal features. To address class imbalance, the classification detection model applied EQL v2 to adjust the weights of the minority classes, ensuring that they received equal focus during training. The experimental results indicated that the proposed method outperformed the existing methods in terms of accuracy, FPR, and F1-score and significantly improved the identification rate of minority classes.
Funding: National Natural Science Foundation of China (Grant No. 62103434); National Science Fund for Distinguished Young Scholars (Grant No. 62176263).
Abstract: With network attack technology continuing to develop, traditional anomaly traffic detection methods that rely on feature engineering are increasingly insufficient in efficiency and accuracy. Graph Neural Network (GNN), a promising Deep Learning (DL) approach, has proven to be highly effective in identifying intricate patterns in graph-structured data and has already found wide applications in the field of network security. In this paper, we propose a hybrid Graph Convolutional Network (GCN)-GraphSAGE model for Anomaly Traffic Detection, namely HGS-ATD, which aims to improve the accuracy of anomaly traffic detection by leveraging edge feature learning to better capture the relationships between network entities. We validate the HGS-ATD model on four publicly available datasets, including NF-UNSW-NB15-v2. The experimental results show that the enhanced hybrid model is 5.71% to 10.25% higher than the baseline model in terms of accuracy, and the F1-score is 5.53% to 11.63% higher than the baseline model, proving that the model can effectively distinguish normal traffic from attack traffic and accurately classify various types of attacks.
Funding: supported by the Xiamen Science and Technology Subsidy Project (No. 2023CXY0318).
Abstract: Abnormal network traffic, as a frequent security risk, requires a series of techniques to categorize and detect it. Existing network traffic anomaly detection still faces challenges: the inability to fully extract local and global features, as well as the lack of effective mechanisms to capture complex interactions between features. Additionally, when increasing the receptive field to obtain deeper feature representations, the reliance on increasing network depth leads to a significant increase in computational resource consumption, affecting the efficiency and performance of detection. Based on these issues, firstly, this paper proposes a network traffic anomaly detection model based on parallel dilated convolution and residual learning (Res-PDC). To better explore the interactive relationships between features, the traffic samples are converted into a two-dimensional matrix. A module combining parallel dilated convolutions and residual learning (res-pdc) was designed to extract local and global features of traffic at different scales. By utilizing res-pdc modules with different dilation rates, we can effectively capture spatial features at different scales and explore feature dependencies spanning wider regions without increasing computational resources. Secondly, to focus and integrate the information in different feature subspaces, further enhance and extract the interactions among the features, multi-head attention is added to Res-PDC, resulting in the final model: multi-head attention enhanced parallel dilated convolution and residual learning (MHA-Res-PDC) for network traffic anomaly detection. Finally, comparisons with other machine learning and deep learning algorithms are conducted on the NSL-KDD and CIC-IDS-2018 datasets. The experimental results demonstrate that the proposed method in this paper can effectively improve the detection performance.
Funding: supported by the Enterprise Innovation Consortium Project under the Major Special Science and Technology Project of Gansu Province (Grant No. 22ZD6GA010).
Abstract: Accelerating urbanization and the rapid development of intelligent transportation systems have rendered short-term traffic flow prediction an important research field. Accurate prediction of traffic flow is beneficial for the optimization of traffic planning, improvement of road utilization, reduction of traffic congestion, and reduction in the incidence of traffic accidents. However, data pertaining to traffic flow are typically influenced by a multitude of factors, resulting in data that exhibit a considerable degree of nonlinearity and complexity. To address the issue of noise in raw traffic flow data, this study proposes a hybrid model that combines variational mode decomposition (VMD), a bidirectional long short-term memory network (BiLSTM), and a gated recurrent unit (GRU) for short-term traffic flow prediction. To validate the effectiveness of the model, an experimental validation was conducted based on traffic flow data from UK highways, and the performance of the model was compared with common benchmark models. The experimental results demonstrate that the proposed method yields superior prediction results in terms of mean absolute error, coefficient of determination, and root-mean-square error compared to existing prediction techniques, thereby substantiating its efficacy in short-term traffic flow prediction.
Funding: the Research of New Intelligent Integrated Transport Information System, Technical Plan Project of Binhai New District, Tianjin (No. 2015XJR21017).
Abstract: The back-propagation neural network (BPNN) is a well-known multi-layer feed-forward neural network which is trained by the error reverse propagation algorithm. It is very suitable for the complex task of short-term traffic flow forecasting; however, BPNN is prone to falling into local optima and to slow convergence. In order to overcome these deficiencies, a new approach called social emotion optimization algorithm (SEOA) is proposed in this paper to optimize the linked weights and thresholds of BPNN. Each individual in SEOA represents a BPNN. The availability of the proposed forecasting models is proved with the actual traffic flow data of the 2nd Ring Road of Beijing. Experimental results show that the forecasting accuracy of SEOA is improved obviously as compared with the accuracy of particle swarm optimization back-propagation (PSOBP) and simulated annealing particle swarm optimization back-propagation (SAPSOBP) models. Furthermore, since SEOA does not respond to the negative feedback information, Metropolis rule is proposed to give consideration to both positive and negative feedback information and diversify the adjustment methods. The modified BPNN model, in comparison with social emotion optimization back-propagation (SEOBP) model, is more advantageous to search the global optimal solution. The accuracy of Metropolis rule social emotion optimization back-propagation (MRSEOBP) model is improved about 19.54% as compared with that of SEOBP model in predicting the dramatically changing data.
Funding: This work was supported by a grant from the National Natural Science Foundation of China (No. 60773192).
Abstract: Network anomalies caused by network attacks can significantly degrade or even terminate network services. Real-time and reliable detection of anomalies is essential to rapid anomaly diagnosis, anomaly mitigation, and malfunction recovering. Unlike most detection methods based on the statistical analysis of the packet headers (such as IP addresses and ports), a new approach only using network traffic volumes is proposed to detect anomalies reliably. Our method is based on autocorrelation function to judge whether anomalies have happened. In detail, the correlation coefficients of normal and anomaly data fluctuate slightly respectively, while those of the overlapped data composed of them fluctuate greatly. Experimental results on network traffic volumes transformed from 1999 DARPA intrusion evaluation data set show that this method can effectively detect network anomalies, while avoiding the high false alarm rate.
Funding: supported by the National Natural Science Foundation of China (No. 62076042, No. 62102049); the Key Research and Development Project of Sichuan Province (No. 2021YFSY0012, No. 2020YFG0307, No. 2021YFG0332); the Science and Technology Innovation Project of Sichuan (No. 2020017); the Key Research and Development Project of Chengdu (No. 2019-YF05-02028-GX); the Innovation Team of Quantum Security Communication of Sichuan Province (No. 17TD0009); the Academic and Technical Leaders Training Funding Support Projects of Sichuan Province (No. 2016120080102643).
Abstract: Nowadays, industrial control system (ICS) has begun to integrate with the Internet. While the Internet has brought convenience to ICS, it has also brought severe security concerns. Traditional ICS network traffic anomaly detection methods rely on statistical features manually extracted using the experience of network security experts. They are not aimed at the original network data, nor can they capture the potential characteristics of network packets. Therefore, the following improvements were made in this study: (1) A dataset that can be used to evaluate anomaly detection algorithms is produced, which provides raw network data. (2) A request response-based convolutional neural network named RRCNN is proposed, which can be used for anomaly detection of ICS network traffic. Instead of using statistical features manually extracted by security experts, this method uses the byte sequences of the original network packets directly, which can extract potential features of the network packets in greater depth. It regards the request packet and response packet in a session as a Request-Response Pair (RRP). The feature of RRP is extracted using a one-dimensional convolutional neural network, and then the RRP is judged to be normal or abnormal based on the extracted feature. Experimental results demonstrate that this model is better than several other machine learning and neural network models, with F1, accuracy, precision, and recall above 99%.
Funding: This work was funded by the High-tech Research and Development Program of China (863 Program) under Grant 2006II01Z451.
Abstract: Network traffic anomalies refer to the traffic changed abnormally and obviously. Local events such as temporary network congestion, Distributed Denial of Service (DDoS) attack and large-scale scan, or global events such as abnormal network routing, can cause network anomalies. Network anomaly detection and analysis are very important to Computer Security Incident Response Teams (CSIRT). But wide-scale traffic anomaly detection requires extracting anomalous modes from large amounts of high-dimensional noise-rich data, and interpreting the modes; so, it is very difficult. This paper proposes a general method based on Principal Component Analysis (PCA) to analyze network anomalies. This method divides the traffic matrix into normal and anomalous subspaces, maps traffic vectors into the normal subspace, gets the distance from detected vector to average normal vector, and detects anomalies based on that distance.
Funding: partially supported by the National Natural Science Foundation of China under Grants 61801208, 61931023, and U1936202.
Abstract: To meet the ever-increasing traffic demand and enhance the coverage of cellular networks, network densification is one of the crucial paradigms of 5G and beyond mobile networks, which can improve system capacity by deploying a large number of Access Points (APs) in the service area. However, since the energy consumption of APs generally accounts for a substantial part of the communication system, how to deal with the consequent energy issue is a challenging task for a mobile network with densely deployed APs. In this paper, we propose an intelligent AP switching on/off scheme to reduce the system energy consumption with the prerequisite of guaranteeing the quality of service, where the signaling overhead is also taken into consideration to ensure the stability of the network. First, based on historical traffic data, a long short-term memory method is introduced to predict the future traffic distribution, by which we can roughly determine when the AP switching operation should be triggered; second, we present an efficient three-step AP selection strategy to determine which of the APs would be switched on or off; third, an AP switching scheme with a threshold is proposed to adjust the switching frequency so as to improve the stability of the system. Experiment results indicate that our proposed traffic forecasting method performs well in practical scenarios, where the normalized root mean square error is within 10%. Furthermore, the achieved energy-saving is more than 28% on average with a reasonable outage probability and switching frequency for an area served by 40 APs in a commercial mobile network.
Funding: Supported by National Natural Science Foundation of China under Grant 61772406 and Grant 61941105, in part by the projects of the Fundamental Research Funds for the Central Universities, the Innovation Fund of Xidian University under Grant 500120109215456.
Abstract: Nowadays, the fifth-generation (5G) mobile communication system has obtained prosperous development and deployment, reshaping our daily lives. However, anomalies of cell outages and congestion in 5G critically influence the quality of experience and significantly increase operational expenditures. Although several big data and artificial intelligence-based anomaly detection methods have been proposed for wireless cellular systems, they change distributions of the data and ignore the relevance among user activities, making anomaly detection ineffective for some cells. In this paper, we propose a highly effective and accurate anomaly detection framework by utilizing generative adversarial networks (GAN) and long short-term memory (LSTM) neural networks. The framework expands the original dataset while simultaneously keeping the distribution of data unchanged, and explores the relevance among user activities to further improve the system performance. The results demonstrate that our framework can achieve 97.16% accuracy and 2.30% false positive rate by utilizing the correlation of user activities and data expansion.
Funding: Supported in part by the National Natural Science Foundation of China (Nos. 62076126, 52075031), Postgraduate Research & Practice Innovation Program of Jiangsu Province (No. SJCX19_0013).
Abstract: The timely and accurate detection of abnormal aircraft trajectory is critical to improving flight safety. However, the existing anomaly detection methods based on machine learning cannot well characterize the features of aircraft trajectories. Low anomaly detection accuracy still exists due to the high-dimensionality, heterogeneity and temporality of flight trajectory data. To this end, this paper proposes an abnormal trajectory detection method based on the deep mixture density network (DMDN) to detect flights with unusual data patterns and evaluate flight trajectory safety. The technique consists of two components: utilization of the deep long short-term memory (LSTM) network to encode features of flight trajectories effectively, and parameterization of the statistical properties of flight trajectory using the Gaussian mixture model (GMM). Experiment results on Guangzhou Baiyun International Airport terminal airspace show that the proposed method can effectively capture the statistical patterns of aircraft trajectories. The model can detect abnormal flights with elevated risks and its performance is superior to two mainstream methods. The proposed model can be used as an assistant decision-making tool for air traffic controllers.
Abstract: Accurate cellular network traffic prediction is a crucial task to access Internet services for various devices at any time. With the use of mobile devices, communication services generate numerous data for every moment. Given the increasing dense population of data, traffic learning and prediction are the main components to substantially enhance the effectiveness of demand-aware resource allocation. A novel deep learning technique called radial kernelized LSTM-based connectionist Tversky multilayer deep structure learning (RKLSTM-CTMDSL) model is introduced for traffic prediction with superior accuracy and minimal time consumption. The RKLSTM-CTMDSL model performs attribute selection and classification processes for cellular traffic prediction. In this model, the connectionist Tversky multilayer deep structure learning includes multiple layers for traffic prediction. A large volume of spatial-temporal data are considered as an input-to-input layer. Thereafter, input data are transmitted to hidden layer 1, where a radial kernelized long short-term memory architecture is designed for the relevant attribute selection using activation function results. After obtaining the relevant attributes, the selected attributes are given to the next layer. Tversky index function is used in this layer to compute similarities among the training and testing traffic patterns. Tversky similarity index outcomes are given to the output layer. Similarity value is used as basis to classify data as heavy network or normal traffic. Thus, cellular network traffic prediction is presented with minimal error rate using the RKLSTM-CTMDSL model. Comparative evaluation proved that the RKLSTM-CTMDSL model outperforms conventional methods.
Abstract: Because of an explosive growth of intrusions, the necessity of anomaly-based Intrusion Detection Systems (IDSs), which are capable of detecting novel attacks, is increasing. Among those systems, flow-based detection systems, which use a series of packets exchanged between two terminals as a unit of observation, have the advantage of being able to detect an anomaly which is included in only some specific sessions. However, in large-scale networks where a large number of communications take place, analyzing every flow is not practical. On the other hand, timeslot-based detection systems need not prepare a number of buffers, although it is difficult to specify anomalous communications. In this paper, we propose a multi-stage anomaly detection system which is a combination of timeslot-based and flow-based detectors. The proposed system can reduce the number of flows which need to be subjected to flow-based analysis but yet exhibits high detection accuracy. Through experiments using a data set, we present the effectiveness of the proposed method.
Funding: Supported by the National Natural Science Foundation of China (Grant No. 62102449).
Abstract: To address the limitations of existing abnormal traffic detection methods, such as insufficient temporal and spatial feature extraction, high false positive rate (FPR), poor generalization, and class imbalance, this study proposed an intelligent detection method that combines a Stacked Convolutional Network (SCN), Bidirectional Long Short-Term Memory (BiLSTM) network, and Equalization Loss v2 (EQL v2). This method was divided into two components: a feature extraction model and a classification and detection model. First, SCN was constructed by combining a Convolutional Neural Network (CNN) with a Depthwise Separable Convolution (DSC) network to capture the abstract spatial features of traffic data. These features were then input into the BiLSTM to capture temporal dependencies. An attention mechanism was incorporated after SCN and BiLSTM to enhance the extraction of key spatiotemporal features. To address class imbalance, the classification detection model applied EQL v2 to adjust the weights of the minority classes, ensuring that they received equal focus during training. The experimental results indicated that the proposed method outperformed the existing methods in terms of accuracy, FPR, and F1-score and significantly improved the identification rate of minority classes.