Funding: National Natural Science Foundation of China (Grant No. 62103434); National Science Fund for Distinguished Young Scholars (Grant No. 62176263).
Abstract: With network attack technology continuing to develop, traditional anomaly traffic detection methods that rely on feature engineering are increasingly insufficient in efficiency and accuracy. Graph Neural Network (GNN), a promising Deep Learning (DL) approach, has proven to be highly effective in identifying intricate patterns in graph-structured data and has already found wide applications in the field of network security. In this paper, we propose a hybrid Graph Convolutional Network (GCN)-GraphSAGE model for Anomaly Traffic Detection, namely HGS-ATD, which aims to improve the accuracy of anomaly traffic detection by leveraging edge feature learning to better capture the relationships between network entities. We validate the HGS-ATD model on four publicly available datasets, including NF-UNSW-NB15-v2. The experimental results show that the enhanced hybrid model is 5.71% to 10.25% higher than the baseline model in terms of accuracy, and the F1-score is 5.53% to 11.63% higher than the baseline model, proving that the model can effectively distinguish normal traffic from attack traffic and accurately classify various types of attacks.
Funding: Supported by the National High-Tech Research and Development Plan of China under Grant No. 2011AA010702
Abstract: Detecting traffic anomalies is essential for diagnosing attacks. High-Speed Backbone Networks (HSBN) require Traffic Anomaly Detection Systems (TADS) which are accurate (high detection and low false positive rates) and efficient. The proposed approach utilizes entropy as traffic distributions metric over some traffic dimensions. An efficient algorithm, having low computational and space complexity, is used to estimate entropy. Entropy values over all dimensions are
Funding: This work was funded by the High-tech Research and Development Program of China (863 Program) under Grant 2006II01Z451.
Abstract: Network traffic anomalies refer to the traffic changed abnormally and obviously. Local events such as temporary network congestion, Distributed Denial of Service (DDoS) attack and large-scale scan, or global events such as abnormal network routing, can cause network anomalies. Network anomaly detection and analysis are very important to Computer Security Incident Response Teams (CSIRT). But wide-scale traffic anomaly detection requires extracting anomalous modes from large amounts of high-dimensional noise-rich data, and interpreting the modes; so, it is very difficult. This paper proposes a general method based on Principal Component Analysis (PCA) to analyze network anomalies. This method divides the traffic matrix into normal and anomalous subspaces, maps traffic vectors into the normal subspace, gets the distance from detected vector to average normal vector, and detects anomalies based on that distance.
Funding: Supported in part by the Science and Technology Project of State Grid Corporation of China (SGHADK00PJJS2000026).
Abstract: With the advancement of new infrastructures, the digitalization of the substation communication network has rapidly increased, and its information security risks have become increasingly prominent. Accurate and reliable substation communication network flow models and flow anomaly detection methods have become an important means to prevent network security problems and identify network anomalies. The existing substation network analyzers and flow anomaly detection algorithms are usually based on threshold determination, which cannot reflect the inherent characteristics of substation automation flow based on IEC 61850 and have low detection accuracy. To effectively detect abnormal traffic, this paper fully explores the substation network traffic rules, extracts the frequency domain features of the station level network, and designs an abnormal traffic identification model based on the ResNeSt convolutional neural network. Transfer learning is used to solve the problem of insufficient abnormal traffic labeled samples in the substation. Finally, a new method of abnormal traffic detection in smart substation station level communication networks based on deep transfer learning is proposed. The T1-1 substation communication network is constructed on OPNET for abnormal simulations, and the actual network traffic in a 110 kV substation is fused with CIC DDoS2019 and KDD99 data sets for the algorithm performance test, respectively. The accuracy reached is 98.73% and 98.95%, indicating that the detection model proposed in this paper has higher detection accuracy than existing algorithms.
Funding: Xaar Network Next Generation Internet Technology Innovation Project (No. NGII20180901); the Major special project of science and technology of Guangxi (No. AA18118047-7).
Abstract: To meet the needs of transportation systems for smart scenic security services, real-time detection and identification of traffic anomalies with high accuracy is essential. Based on the multi-objective sparse optical flow estimation method based on KLT algorithm, an improved algorithm for robust sparse optical flow is designed. The Forward-Backward error calculation method was used to eliminate the error optical flow generated by the KLT algorithm and the robustness of optical flow was improved. The proposed algorithm was verified by the actual traffic scene monitoring example, and the anomaly detection accuracy is above 80%. Furthermore, it has good detection effect on the benchmark dataset.