基于深度学习的网络流时空特征自动提取方法

流量异常检测是网络入侵检测的主要途径之一，也是网络安全领域的一个热门研究方向。通过对网络流量进行实时监控，可及时有效地对网络异常进行预警。目前，网络流量异常检测方法主要分为基于规则和基于特征工程的方法，但现有方法需针对网络流量特征的变化需重新人工收集规则或 构造特征，工作量大且繁杂。为解决上述问题，该文提出一种基于卷积神经网络和循环神经网络的深度学习方法来自动提取网络流量的时空特征，可同时提取不同数据包之间的时序特征和同一数据包内字节流的空间特征，并减少了大量的人工工作。在 MAWILab 网络轨迹数据集上进行的验证分析结果表明，该文所提出的网络流时空特征提取方法优于已有的深度表示学习方法。

A Deep Learning-Based Spatio-Temporal Features Extraction Method for Network Flow

Network intrusion detection is one of the core research areas of cyber security. Network traffic anomaly detection is common in network intrusion detection systems. Through monitoring the network traffic, network intrusion detection systems can effectively track anomalous traffic and then give out alerts. This research area has developed for decades and the conventional methods for network intrusion detection systems include rule-based and feature engineering based methods. However, the changing features of network traffic require the methods to continuously gather new rules and generate new features, which results in a labor-intensive workload and comparatively poor quality of features engineering. To solve this problem, a deep learning-based spatial-temporal features extraction method was proposed. It includes convolution neural networks and long short term memory neural networks to learn the spatial-temporal features of network raw traffic. This method is tested on the MAWILab network traces data to evaluate its effectiveness. Multi-layer perception, convolution neural networks alone and long short term memory are used for comparison with the proposed approach. The features generated by these methods are used to classify the traffic, which can assess the performance of the feature extraction process of each method. Experiments show that the proposed method outperforms other methods in its effectiveness of spatial-temporal features extraction.