GPT Method Based Traffic Anomaly Detection for Space-ground Integrated Network
Pages 452 - 457
Abstract
The Space-ground integrated network consists of deep space network, space network and ground network. The ground network is vulnerable to network attacks due to its complex networking structure, high randomness of device access, limited node processing capacity and computing resources. This paper focuses on traffic anomaly detection from the perspective of Space-ground integrated network security. We mine the characteristics of traffic data and use the GPT method to detect abnormal traffic. We suggest incorporating GPT-style loss as a semi-supervised auxiliary term to aid in training. This paper solves the problem that 1) Traditional RNN and LSTM methods have insufficient context detection performance and cannot be parallelized. 2) Improve the traffic classification performance with limited labeled data. The network simulation software CORE is used to simulate the Space-ground network structure. We inject DOS attacks into the nodes of the ground network and conduct binary classification experiments on abnormal traffic. Experiments demonstrate the proposed method greatly reduces the requirements of labeled data in network anomaly detection. On simulation dataset, given only 5% training labels, our approach achieves a significant 98.92% accuracy and 98.74% F1-score.
References
[1]
LIU L X. Space-and-ground integration network [M]. Beijing: Science Press, 2015.
[2]
Alec Radford, Karthik Narasimhan, Tim Salimans, Improving Language Understandingby Generative Pre-Training. 2018. https://s3-us-west-2.amazonaws.com/openai-assets/research-covers/language-unsupervised/language_understanding_paper.pdf
[3]
Alec Radford, Jeffrey Wu, Rewon Child, Language Models are Unsupervised Multitask Learners. 2019. https://cdn.openai.com/better-language-models/language_models_are_unsupervised_multitask_learners.pdf
[4]
W. Wang, M.Zhu, J. Wang, X. Zeng, and Z. Yang. End-to-end encrypted traffic classification with one-dimensional convolution neural networks [C]//Proceedings of the IEEE International Conference on Intelligence and Security Informatics, 2017, pp.43-48.
[5]
T. T. T. Nguyen and G. Armitage. A survey of techniques for internet traffic classification using machine learning [C]//Proceedings of the IEEE Communications Surveys & Tutorials, 2008, 10(4): 56-76.
[6]
Graves A. Long short-term memory [J]. Supervised sequence labelling with recurrent neural networks, 2012: 37-45.
[7]
Chung J, Gulcehre C, Cho K H, Empirical evaluation of gated recurrent neural networks on sequence modeling [J]. arXiv preprint arXiv:1412.3555, 2014.
[8]
Mirza A H, Cosan S. Computer network intrusion detection using sequential LSTM neural networks autoencoders [C]//2018 26th signal processing and communications applications conference (SIU). IEEE, 2018: 1-4.
[9]
Yin C, Zhu Y, Fei J, A deep learning approach for intrusion detection using recurrent neural networks [J]. Ieee Access, 2017, 5: 21954-21961.
[10]
Wang S, Xia C, Wang T. A novel intrusion detector based on deep learning hybrid methods [C]//2019 IEEE 5th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing,(HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS). IEEE, 2019: 300-305.
[11]
PAN C, WANG Y, YANG L, Traffic Prediction of Space-Integrated-Ground Information Network Based on Improved LSTM Algorithm [J]. Space-Integrated-Ground Information Networks, 2020 (1): 57-65.
[12]
Chalapathy R,Menon A K, Chawla S. Robust, deep and inductive anomalydetection [C]//Joint European Conference on Machine Learning and KnowledgeDiscovery in Databases. Springer, Cham, 2017: 36-51.
[13]
Niu S, Liu Y, Wang J, A decade survey of transfer learning (2010-2020) [J]. IEEE Transact ions on Artificial Intelligence, 2020, 1(2):151-166.
[14]
Erfani SM,Rajasegarar S, Karunasekera S, High-dimensional and large-scale anomaly detection using a linear one-class SVM with deep learning [J. PatternRecognition, 2016, 58:121-134.
[15]
Vaswani A, Shazeer N, Parmar N, Attention is all you need [J]. Advances in neural information processing systems, 2017, 30.
[16]
Tsung-Yi Lin, Priya Goyal, Ross Girshick, Kaiming He, and Piotr Dollar. Focal loss for dense object detection. In Proceedings of the IEEE international conference on computer vision, pages 2980–2988, 2017.
[17]
Cohn-Gordon K, Cremers C, Dowling B, A formal security analysis of the signal messaging protocol [C]//2017 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 2017: 451-466.
[18]
Revathi S, Malathi A .A Detailed Analysis on NSL-KDD Dataset Using Various Machine Learning Techniques for Intrusion Detection [J].ESRSA Publications, 2013 (12).
[19]
Ali Shiravi, Hadi Shiravi, Mahbod Tavallaee, and Ali A Ghorbani. Toward developing a systematic approach to generate benchmark datasets for intrusion detection. computers & security, 31(3):357–374, 2012.
[20]
Moustafa N, Slay J .UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set) [C]//Military Communications and Information Systems Conference (MilCIS), 2015.IEEE, 2015.
Index Terms
- GPT Method Based Traffic Anomaly Detection for Space-ground Integrated Network
Recommendations
Network traffic analysis over clustering-based collective anomaly detection
AbstractDue to the ever-growing presence of network traffic, there has been a considerable amount of research on anomaly detection in network traffic by clustering. Most of them have not considered the problem that collective anomaly detection ...
Anomaly Detection of Hostile Traffic Based on Network Traffic Distributions
Information Networking. Towards Ubiquitous Networking and ServicesProtecting network systems against novel attacks is a pressing problem. In this paper, we propose a new anomaly detection method based on inbound network traffic distributions. For this purpose, we first present the diverse distributions of TCP/IP ...
A Class of Non-statistical Traffic Anomaly Detection in Complex Network Systems
ICDCSW '12: Proceedings of the 2012 32nd International Conference on Distributed Computing Systems WorkshopsRecently Network traffic anomaly detection has become a popular research tendency, as it can detect new attack types in real time. The real-time network traffic anomaly detection is still an unsolved problem of network security. The network traffic ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
November 2023
1156 pages
ISBN:9798400716478
DOI:10.1145/3656766
Copyright © 2023 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 01 June 2024
Check for updates
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
ICBAR 2023
ICBAR 2023: 2023 3rd International Conference on Big Data, Artificial Intelligence and Risk Management
November 24 - 26, 2023
Chengdu, China
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 92Total Downloads
- Downloads (Last 12 months)92
- Downloads (Last 6 weeks)30
Reflects downloads up to 17 Nov 2024
Other Metrics
Citations
View Options
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML FormatLogin options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in