基于改进双线性卷积神经网络的恶意网络流量分类算法

doi:10.3969/j.issn.1671-1122.2020.10.009

信息网络安全 ›› 2020, Vol. 20 ›› Issue (10): 67-74.doi: 10.3969/j.issn.1671-1122.2020.10.009

基于改进双线性卷积神经网络的恶意网络流量分类算法

顾兆军¹^,², 郝锦涛¹^,²(), 周景贤¹

1.中国民航大学信息安全测评中心,天津300300
2.中国民航大学计算机科学与技术学院,天津 300300

收稿日期:2020-03-02 出版日期:2020-10-10 发布日期:2020-11-25
通讯作者: 郝锦涛 E-mail:haojintao291@163.com
作者简介:顾兆军（1966—）,男,山东,教授,博士,主要研究方向为网络与信息安全|郝锦涛（1995—）,男,山西,硕士研究生,主要研究方向为大数据与网络安全|周景贤（1981—）,男,河南,副研究员,博士,主要研究方向为网络与信息安全
基金资助:
国家自然科学基金(61601467);国家自然科学基金(U1533104);民航科技基金(MHRD20140205);民航科技基金(MHRD20150233);民航安全能力建设基金(PESA170003);民航安全能力建设基金(PDSA2018079);民航安全能力建设基金(PDSA2018082);民航安全能力建设基金(PESA2019073);民航安全能力建设基金(PESA2019074);中央高校基本科研业务费(3122018C036)

Classification of Malicious Network Traffic Based on Improved Bilinear Convolutional Neural Network

GU Zhaojun¹^,², HAO Jintao¹^,²(), ZHOU Jingxian¹

1. Information Security Evaluation Center, Civil Aviation University of China, Tianjin 300300, China
2. Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China

Received:2020-03-02 Online:2020-10-10 Published:2020-11-25
Contact: HAO Jintao E-mail:haojintao291@163.com

摘要/Abstract

摘要：

文章提出一种改进的双线性卷积神经网络,用于恶意网络流量分类。该网络采用跨层多特征融合的设计思想,首先使用两个基于VGG-Net（网络A、网络B）的神经网络进行特征提取,连接跨层多特征融合模块进行特征融合,提高特征表达能力;然后通过多次迭代优化训练网络模型至拟合状态;最后利用训练至拟合的网络模型对测试集进行分类检测,得出分类结果。实验表明,该算法在恶意网络流量分类中具有较高的准确率、精确率和F值。

关键词: 网络安全, 网络流量分类, 卷积神经网络, 特征融合, 迭代优化

Abstract:

In this paper, improved bilinear convolutional neural network(IBCNN) is proposed for malicious network traffic classification. Different from traditional unilinear network structure, the network adopts the design idea of cross-layer multi-feature fusion. Firstly, use two neural networks(network A, network B) based on VGG-Net for feature extraction, connect cross-layer multi-feature fusion modules for feature fusion to improve feature expression ability. Then, optimization through multiple iterations, train the network model to fit state. Finally, network model completed by training using test set, get classification results. The experimental verification and evaluation index calculation show that this algorithm has higher accuracy, precision and F value in the classification of malicious network traffic.

Key words: cyber security, network traffic classification, convolutional neural network, feature fusion, iterative optimization

中图分类号:

TP309

顾兆军, 郝锦涛, 周景贤. 基于改进双线性卷积神经网络的恶意网络流量分类算法[J]. 信息网络安全, 2020, 20(10): 67-74.

GU Zhaojun, HAO Jintao, ZHOU Jingxian. Classification of Malicious Network Traffic Based on Improved Bilinear Convolutional Neural Network[J]. Netinfo Security, 2020, 20(10): 67-74.

图/表 14

图1

表1

图2

图3

表2

表3

表4

图4

表5

图5

表6

图6

表7

图7

参考文献 20

[1]	China Internet Network Information Center. The 44th Statistical Report on Internet Development in China[EB/OL]. http://www.cnnic.net.cn/hlwfzyj/hlwxzbg/hlwtjbg/201908, 2019-8-30.
	中国互联网络信息中心.第44次中国互联网络发展现状统计报告[EB/OL]. http://www.cnnic.net.cn/hlwfzyj/hlwxzbg/hlwtjbg/201908, 2019-8-30.
[2]	MADHUKAR A, WILLIAMSON C. A Longitudinal Study of P2P Traffic Classification [C]//IEEE. 14th IEEE International Symposium on Modeling, Analysis, and Simulation, September 11-14, 2006, Monterey, CA, USA. New York: IEEE, 2006: 179-188.
[3]	JAISWAL R C, LOKHANDE S D. Machine Learning Based Internet Traffic Recognition with Statistical Approach [C]//IEEE. 2013 Annual IEEE India Conference(INDICON), December 13-15, 2013, Mumbai. New York: IEEE, 2013: 1-6.
[4]	DHOTE Y, AGRAWAL S, DEED A J. A Survey on Feature Selection Techniques for Internet Traffic Classification [C]//IEEE. 2015 International Conference on Computational Intelligence and Communication Networks(CICN), December 12-14, 2015, Jabalpur. New York: IEEE, 2015: 1375-1380.
[5]	ZHANG Jian, CHEN Bohan, GONG Liangyi, et al. Research on Malware Detection Technology Based on Image Analysis[J]. Netinfo Security, 2019,19(10):24-31.
[6]	ZHANG Chenbin, ZHANG Yunchun, ZHENG Yang, et al. Malware Classification Based on Grayscale Texture Fingerprints[J]. Computer Science, 2018,45(S1):383-386.
	张晨斌, 张云春, 郑杨, 等. 基于灰度图纹理指纹的恶意软件分类[J]. 计算机科学, 2018,45(S1):383-386.
[7]	WANG Wei, ZHU Ming, ZENG Xuewen, et al. Malware Traffic Classification Using Convolutional Neural Network for Representation Learning [C]//IEEE. 2017 International Conference on Information Networking(ICOIN), January 11-13, 2017, Da Nang, Vietnam. New York: IEEE, 2017: 712-717.
[8]	RAN Jing, CHEN Yexin, LI Shulan. Three-dimensional Convolutional Neural Network Based Traffic Classification for Wireless Communications [C]//IEEE. 2018 IEEE Global Conference on Signal and Information Processing(GlobalSIP), November 26-29, 2018, Anaheim, CA, USA. New York: IEEE, 2018: 624-627.
[9]	ZHANG Fan, WANG Yong, MIAO Ye. Network Traffic Classification Method Based on Improved Capsule Neural Network [C]//IEEE. 14th International Conference on Computational Intelligence and Security(CIS), November 16-19, 2018, Hangzhou, China. New York: IEEE, 2018: 174-178.
[10]	LIM H, KIM J, HEO J, et al. Packet-Based Network Traffic Classification Using Deep Learning [C]//IEEE. 2019 International Conference on Artificial Intelligence in Information and Communication(ICAIIC), February 11-13, 2019, Okinawa, Japan. New York: IEEE, 2019: 46-51.
[11]	LI Daoquan, WANG Xue, YU Bo, et al. Network Traffic Classification Method Based on One-dimensional Convolutional Neural Network[J]. Computer Engineering and Applications, 2020,56(3):94-99.
	李道全, 王雪, 于波, 等. 基于一维卷积神经网络的网络流量分类方法[J]. 计算机工程与应用, 2020,56(3):94-99.
[12]	HAN Xiaoguang, QU Wu, YAO Xuanxia, et al. Research on Detection Method of Malicious Code Variant Based on Texture Fingerprint[J]. Journal of Communications, 2014,35(8):125-136.
	韩晓光, 曲武, 姚宣霞, 等. 基于纹理指纹的恶意代码变种检测方法研究[J]. 通信学报, 2014,35(8):125-136.
[13]	HAN Xiaoguang. Research on Key Technologies of Malicious Code Detection[D]. Beijing: University of Science and Technology Beijing, 2015.
	韩晓光. 恶意代码检测关键技术研究[D]. 北京:北京科技大学, 2015.
[14]	XIE Bo. Research on ResNet Based Intrusion Detection Model[D]. Lanzhou: Lanzhou University, 2019.
	谢博. 基于ResNet的入侵检测模型研究[D]. 兰州:兰州大学, 2019.
[15]	LUO Jianhao, WU Jianxin. Review of Fine-grained Image Classification Based on Deep Convolution Features[J]. Journal of Automation, 2017,43(8):1306-1318.
	罗建豪, 吴建鑫. 基于深度卷积特征的细粒度图像分类研究综述[J]. 自动化学报, 2017,43(8):1306-1318.
[16]	LIU Shuying, DENG Weihong. Very Deep Convolutional Neural Network Based Image Classification Using Small Training Sample Size [C]//IEEE. 3rd IAPR Asian Conference on Pattern Recognition(ACPR), November 3-6, 2015, Kuala Lumpur, Malaysia. New York: IEEE, 2015: 730-734.
[17]	HE Kaiming, ZHANG Xiangyu, REN Shaoqin, et al. Deep Residual Learning for Image Recognition [C]//IEEE. 2016 IEEE Conference on Computer Vision and Pattern Recognition(CVPR), June 27-30, 2016, Las Vegas, NV. New York: IEEE, 2016: 770-778.
[18]	HUANG Gao, LIU Zhuang, MAATEN V D, et al. Densely Connected Convolutional Networks [C]//IEEE. 2017 IEEE Conference on Computer Vision and Pattern Recognition(CVPR), July 21-26, 2017, Honolulu, HI. New York: IEEE, 2017: 2261-2269.
[19]	KRIZHEVSKY A, SUTSKEVER I, HINTON G E. ImageNet Classification with Deep Convolutional Neural Networks[EB/OL]. http://www.image-net.org/challenges/LSVRC, 2019-12-23.
[20]	ZAREBA W, SUTSKEVER I, VINYALS O, Recurrent Neural Network Regularization[EB/OL]. https://arxiv.org/abs/1409.2329, 2014-9-8.

单元模块	层名	参数（卷积核大小、步长、填充）	输出通道数	输出特征图大小（长×宽×通道数）
Conv1_X	Conv1_1	3×3,1×1,1	64	32×32×64
	Conv1_2	3×3,1×1,1	64	32×32×64
	Maxpool_1	2×2,2,0	64	16×16×64
Conv2_X	Conv2_1	3×3,1×1,1	128	16×16×128
	Conv2_2	3×3,1×1,1	128	16×16×128
	Maxpool_2	2×2,2,0	128	8×8×128
Conv3_X	Conv3_1	3×3,1×1,1	256	8×8×256
	Conv3_2	3×3,1×1,1	256	8×8×256
	Conv3_3	3×3,1×1,1	256	8×8×256
	Maxpool_3	2×2,2,0	256	4×4×256
Conv4_X	Conv4_1	3×3,1×1,1	512	4×4×512
	Conv4_2	3×3,1×1,1	512	4×4×512
	Conv4_3	3×3,1×1,1	512	4×4×512
	Maxpool_4	2×2,2,0	512	2×2×512
Conv5_X	Conv5_1	3×3,1×1,1	512	2×2×512
	Conv5_2	3×3,1×1,1	512	2×2×512
	Conv5_3	3×3,1×1,1	512	2×2×512

样本类别	训练集（TFCTrain）	比列/%	测试集（TFCTest）	比例/%
Cridex	8778	12.85	1020	13.62
Htbot	10232	14.98	1047	13.98
Miuref	8106	11.86	940	12.56
Nsis-ay	9073	13.29	929	12.41
Virut	10702	15.66	1140	15.22
Zeus	9909	14.50	920	12.29
Normal	11519	16.86	1491	19.92
总量	68319	100.00	7487	100.00

软件版本	硬件配置
Windows 10	Intel Corei5-4200M CPU@2.50 GHz
Pycharm 2019	NVIDIA GeFoce RTX 2060 SUPER（8 GB）
Python 3.6.9	16 GB RAM
Pytorch 1.2.0	—

迭代次数	学习率
epoch∈(0,100]	0.005
epoch∈(100,200]	0.0025
epoch∈(200,300]	0.00125

类别	说明
真正类（TP）	模型预测为正的正样本
假正类（FP）	模型预测为正的负样本
假负类（FN）	模型预测为负的正样本
真负类（TN）	模型预测为负的负样本

基于改进双线性卷积神经网络的恶意网络流量分类算法

Classification of Malicious Network Traffic Based on Improved Bilinear Convolutional Neural Network

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 14

参考文献 20

相关文章 15

编辑推荐

Metrics

本文评价

预测数量实际数量	Cridex	Htbot	Miuref	Nsis-ay	Virut	Zeus	Normal
Cridex	1000	14	3	0	3	0	0
Htbot	52	827	29	23	96	11	9
Miuref	3	22	896	7	11	7	0
Nsis-ay	3	27	9	809	70	5	6
Virut	8	74	20	15	1016	6	1
Zeus	0	11	8	9	18	872	2
Normal	0	1	0	2	0	4	1484

网络流量分类算法	A/%	P/%	R/%	F/%
IBCNN	97.8	92.2	91.8	91.9
RNN	96.7	92.6	87.3	85.9
AlexNet	95.4	82.8	83.6	83
VGGNet-16	97	89.3	89.4	89.1

[1]	李桥, 龙春, 魏金侠, 赵静. 一种基于LMDR和CNN的混合入侵检测模型[J]. 信息网络安全, 2020, 20(9): 117-121.
[2]	刘大恒, 李红灵. QR码网络钓鱼检测研究[J]. 信息网络安全, 2020, 20(9): 42-46.
[3]	李世斌, 李婧, 唐刚, 李艺. 基于HMM的工业控制系统网络安全状态预测与风险评估方法[J]. 信息网络安全, 2020, 20(9): 57-61.
[4]	毕亲波, 赵呈东. 基于STRIDE-LM的5G网络安全威胁建模研究与应用[J]. 信息网络安全, 2020, 20(9): 72-76.
[5]	王湘懿, 张健. 基于图像和机器学习的虚拟化平台异常检测[J]. 信息网络安全, 2020, 20(9): 92-96.
[6]	来疆亮, 侯一凡, 卢旭明. 基于信息度量和损耗的网络安全系统综合效能分析研究[J]. 信息网络安全, 2020, 20(8): 81-88.
[7]	刘静, 张学谦, 刘全明. 混合Gabor的轻量级卷积神经网络的验证码识别研究[J]. 信息网络安全, 2020, 20(7): 77-84.
[8]	冉金鹏, 王翔, 赵尚弘, 高航航. 基于果蝇优化的虚拟SDN网络映射算法[J]. 信息网络安全, 2020, 20(6): 65-74.
[9]	孟相如, 徐江, 康巧燕, 韩晓阳. 基于熵权VIKOR的安全虚拟网络映射算法[J]. 信息网络安全, 2020, 20(5): 21-28.
[10]	张蕾华, 黄进, 张涛, 王生玉. 视频侦查中人像智能分析应用及算法优化[J]. 信息网络安全, 2020, 20(5): 88-93.
[11]	刘建伟, 韩祎然, 刘斌, 余北缘. 5G网络切片安全模型研究[J]. 信息网络安全, 2020, 20(4): 1-11.
[12]	王蓉, 马春光, 武朋. 基于联邦学习和卷积神经网络的入侵检测方法[J]. 信息网络安全, 2020, 20(4): 47-54.
[13]	赵志岩, 纪小默. 智能化网络安全威胁感知融合模型研究[J]. 信息网络安全, 2020, 20(4): 87-93.
[14]	黎水林, 祝国邦, 范春玲, 陈广勇. 一种新的等级测评综合得分算法研究[J]. 信息网络安全, 2020, 20(2): 1-6.
[15]	荆涛, 万巍. 面向属性迁移状态的P2P网络行为分析方法研究[J]. 信息网络安全, 2020, 20(1): 16-25.