Bayesian Optimized DAE-MLP Malicious Traffic Identification Model

doi:10.3969/j.issn.1671-1122.2025.09.014

Abstract

Abstract:

With the rapid development of Internet technology, the issue of network security has become increasingly serious, and malicious traffic has emerged as a significant problem in the field of network security. This paper first preprocessed and fused the NSL-KDD, CSIC 2010, and CICIDS2017 network intrusion detection datasets to form the research dataset for this study. Then, it investigated a malicious traffic feature extraction algorithm based on DAE, which effectively extracted traffic features with strong robustness. The hyperparameters of the malicious traffic identification algorithm based on DAE-MLP were optimized and adjusted using bayesian optimization. Comparative experimental analyses were conducted on several typical machine learning and deep learning algorithms. Compared with traditional machine learning and deep learning methods, the malicious traffic identification method proposed in this paper has stronger data representation and automatic feature learning capabilities, lower computational complexity, and can better capture complex patterns in the data, while also being interpretable.

Key words: malicious traffic identification, fusion model, feature extraction, intrusion detection, deep learning

CLC Number:

TP309

WANG Xinmeng, CHEN Junbao, YANG Yitao, LI Wenjin, GU Dujuan. Bayesian Optimized DAE-MLP Malicious Traffic Identification Model[J]. Netinfo Security, 2025, 25(9): 1465-1472.

Figures/Tables 14

References 15

[1]	MASEER Z K, YUSOF R, BAHAMAN N, et al. Benchmarking of Machine Learning for Anomaly Based Intrusion Detection Systems in the CICIDS2017 Dataset[J]. IEEE Access, 2021, 9: 22351-22370.
[2]	SANCHEZ O R, REPETTO M, CARREGA A, et al. Evaluating ML-Based DDoS Detection with Grid Search Hyperparameter Optimization[C]// IEEE. 2021 IEEE 7th International Conference on Network Softwarization. New York: IEEE, 2021: 402-408.
[3]	ELSAYED M S, LE-KHAC N A, DEV S, et al. DDoSNet: A Deep-Learning Model for Detecting Network Attacks[C]// IEEE. IEEE 21st International Symposium on a World of Wireless, Mobile and Multimedia Networks. New York: IEEE, 2020: 391-396.
[4]	SADAF K, SULTANA J. Intrusion Detection Based on Autoencoder and Isolation Forest in Fog Computing[J]. IEEE Access, 2020, 8: 167059-167068.
[5]	AMIRI F, YOUSEFI M R, LUCAS C, et al. Mutual Information-Based Feature Selection for Intrusion Detection Systems[J]. Journal of Network and Computer Applications, 2011, 34(4): 1184-1199.
[6]	MUKHERJEE S, SHARMA N. Intrusion Detection Using Naive Bayes Classifier with Feature Reduction[J]. Procedia Technology, 2012, 4: 119-128.
[7]	RAO B B, SWATHI K. Fast KNN Classifiers for Network Intrusion Detection System[J]. Indian Journal of Science and Technology, 2017, 10(14): 1-10.
[8]	THASEEN I S, KUMAR C A. Intrusion Detection Model Using Fusion of PCA and Optimized SVM[C]// IEEE. 2014 International Conference on Contemporary Computing and Informatics. New York: IEEE, 2014: 879-884.
[9]	CAO Yangchen, ZHU Guosheng, QI Xiaoyun, et al. Research on Intrusion Detection Classification Based on Random Forest[J]. Computer Science, 2021, 48(S1): 459-463.
	曹扬晨, 朱国胜, 祁小云, 等. 基于随机森林的入侵检测分类研究[J]. 计算机科学, 2021, 48(S1): 459-463.
[10]	FAN Yuchen. Research on Intrusion Detection Based on Deep Learning and Association Rules[D]. Beijing: China Academy of Railway Sciences Corporation Limited, 2022.
	范禹辰. 基于深度学习和关联规则的入侵检测研究[D]. 北京: 中国铁道科学研究院, 2022.
[11]	HOU Yuluo. Research on Malicious HTTP Request Detection Based on Machine Learning[D]. Chengdu: University of Electronic Science and Technology of China, 2022.
	侯禹洛. 基于机器学习的恶意HTTP请求检测研究[D]. 成都: 电子科技大学, 2022.
[12]	GONG Xinyu. Research on Deeplearning Based Web Attack Detection[D]. Shanghai: Shanghai Jiao Tong University, 2020.
	龚昕宇. 基于深度学习的Web攻击检测研究[D]. 上海: 上海交通大学, 2020.
[13]	VARTOUNI A M, KASHI S S, TESHNEHLAB M. An Anomaly Detection Method to Detect Web Attacks Using Stacked Auto-Encoder[C]// IEEE. 2018 6th Iranian Joint Congress on Fuzzy and Intelligent Systems. New York: IEEE, 2018: 131-134.
[14]	CHAKIR O, REHAIMI A, SADQI Y, et al. An Empirical Assessment of Ensemble Methods and Traditional Machine Learning Techniques for Web-Based Attack Detection in Industry 5.0[J]. Journal of King Saud University-Computer and Information Sciences, 2023, 35(3): 103-119.
[15]	KAMAL H, MASHALY M. Advanced Hybrid Transformer-CNN Deep Learning Model for Effective Intrusion Detection Systems with Class Imbalance Mitigation Using Resampling Techniques[EB/OL]. (2024-12-23)[2025-06-01]. https://doi.org/10.3390/fi16120481.

protocol_type_icmp	protocol_type_tcp	flag_SF	…
0	1	0	…
0	1	1	…
1	0	1	…
0	1	0	…
0	1	1	…
0	1	1	…

flag_SF	duration	src_bytes	dst_bytes
0	0	0	0
1	2	12983	0
1	0	20	0
0	1	0	15
1	0	267	14515
1	0	1022	387

模块	层类型	参数说明	输入/输出
DAE	加噪层	σ=0.3高斯噪声	原始输入（n=121）
	编码器	FC层：[121→64→30]、ReLU	低维特征（d=30）
	解码器	FC层：[30→64→121]、ReLU	重建输出（n=121）
MLP	输入层	接收DAE特征（d=30）	输入层
	隐藏层1	256神经元、ReLU、Dropout=0.5	—
	隐藏层2	128神经元、ReLU	—
	输出层	5神经元、Softmax	攻击类型分类

参数	取值	选择依据
噪声分布	N(0,σ2)	对称分布不引入偏差，零均值保持原始数据中心性
噪声标准差σ	0.3	基于特征尺度分析，约占特征动态范围的30%
噪声范围	全局添加	对所有输入特征施加相同强度噪声，避免选择性扰动导致的局部过适应
特征裁剪	[0,1]	匹配输入特征的归一化范围，防止噪声破坏数据结构

优化方法	计算复杂度	是否适配本文
网格搜索	$O({{k}^{d}})$	否（维度灾难）
随机搜索	$O\left( n \right)$	部分适配（收敛慢）
BO	$O({{n}^{2}})$	是