
FEW-NNN: A Fuzzy Entropy Weighted Natural Nearest Neighbor Method for Flow-Based Network Traffic Attack Detection
Authors: Liangchen Chen, Shu Gao, Baoxu Liu, Zhigang Lu, Zhengwei Jiang
Affiliations: School of Computer Science and Technology; Institute of Information Engineering; School of Applied Technology; School of Cyber Security
Funding: the Natural Science Foundation of China (No. 61802404, 61602470); the Strategic Priority Research Program (C) of the Chinese Academy of Sciences (No. XDC02040100); the Fundamental Research Funds for the Central Universities of the China University of Labor Relations (No. 20ZYJS017, 20XYJS003); the Key Research Program of the Beijing Municipal Science & Technology Commission (No. D181100000618003); partially the Key Laboratory of Network Assessment Technology, the Chinese Academy of Sciences; the Beijing Key Laboratory of Network Security and Protection Technology
Abstract: Attacks such as APT usually hide communication data in massive legitimate network traffic, and mining structurally complex and latent relationships among flow-based network traffic to detect attacks has become the focus of many initiatives. Effectively analyzing massive network security data with high dimensions for suspicious flow diagnosis is a huge challenge. In addition, the uneven distribution of network traffic does not fully reflect the differences of class sample features, resulting in the low accuracy of attack detection. To solve these problems, a novel approach called the fuzzy entropy weighted natural nearest neighbor (FEW-NNN) method is proposed to enhance the accuracy and efficiency of flow-based network traffic attack detection. First, the FEW-NNN method uses the Fisher score and deep graph feature learning algorithm to remove unimportant features and reduce the data dimension. Then, according to the proposed natural nearest neighbor searching algorithm (NNN_Searching), the density of data points, each class center and the smallest enclosing sphere radius are determined correspondingly. Finally, a fuzzy entropy weighted KNN classification method based on affinity is proposed, which mainly includes the following three steps: (1) the feature weights of samples are calculated based on fuzzy entropy values, (2) the fuzzy memberships of samples are determined based on affinity among samples, and (3) K-neighbors are selected according to the class-conditional weighted Euclidean distance, the fuzzy membership value of the testing sample is calculated based on the membership of k-neighbors, and then all testing samples are classified according to the fuzzy membership value of the samples belonging to each class; that is, the attack type is determined. The method has been applied to the problem of attack detection and validated based on the famous KDD99 and CICIDS-2017 datasets. From the experimental results shown in this paper, it is observed that the FEW-NNN method improves the accuracy and efficiency of flow-based network traffic attack detection.

Keywords: fuzzy entropy weighted KNN; network attack detection; fuzzy membership; natural nearest neighbor; network security; intrusion detection system
This article is indexed in 维普 (VIP) and other databases.