基于主题模型的网络异常行为分类学习方法研究
计算机科学

计算机科学 ›› 2016, Vol. 43 ›› Issue (9): 57-60.doi: 10.11896/j.issn.1002-137X.2016.09.010

• 2015 年第三届CCF 大数据学术会议 • 上一篇    下一篇

基于主题模型的网络异常行为分类学习方法研究

马钲然,张博锋,王勇军   

  1. 国防科学技术大学计算机学院 长沙410072,国防科学技术大学计算机学院 长沙410072,国防科学技术大学计算机学院 长沙410072
  • 出版日期:2018-12-01 发布日期:2018-12-01
  • 基金资助:
    本文受国家自然科学基金项目(61472439,61303264,61271252)资助

Research on Studying Method of Network Anomalous Behaviors Classification Based on Topic Model

MA Zheng-ran, ZHANG Bo-feng and WANG Yong-jun   

  • Online:2018-12-01 Published:2018-12-01

PDF (PC)

912

摘要: 提出了一种新的用于学习和分辨网络异常行为的方法。与之前的工作相比,将采用主题模型对网络异常行为进行建模并构建分类器。根据连接的分类标签,在训练模型之前将数据集分成两部分,即正常的部分和异常的部分。通过分析模型参数对结果的影响可以发现α(主题的狄利克雷参数)和主题数量对于预测结果具有正相关性,而β(特征号的狄利克雷参数)对于预测结果具有负相关性。通过KDDCUP’99数据集对该模型进行评估,结果显示预测的准确度达到91.69%,比SVM等算法在正常和异常行为分类上的表现更好。

关键词: 主题模型,异常行为,分类器

Abstract: A novel approach to learn and identify the anomalous behaviors in network was proposed.Unlike previous work,the intrusion detection problem is mapped into the topic model and a classifier is built.Two kinds of connections,namely normal and anomalous ones,are separated before training the model according to the labels of the connections.By analyzing the effect of the parameters,it shows that α (Dirichlet parameter of topics) and the number of topics have positive correlation with the results of prediction,while β (Dirichlet parameter of feature numbers) has negative correlation with the results of prediction.This model was evaluated using KDDCUP’99 dataset.The result suggests that the prediction accuracy is up to 91.69% which outperforms SVM algorithm in normal and anomalous behaviors classification.

Key words: Topic model,Anomalous behavior,Classifier

[1] Garcia-Teodoro P,Diaz-Verdejo J,Macia-Fernandez G,et al.Anomaly-based network intrusion detection:Techniques,systems and challenges[J].Computers & Security,2009,28(1/2):18-28
[2] Blei D M,Ng A Y,Jordan M I.Latent dirichlet allocation[J].J.Mach.Learn.Res.,2003,3:993-1022
[3] Blei D M.Probabilistic topic models[J].Commun.ACM,2012,55(4):77-84
[4] Fei-Fei L,Perona P.A bayesian hierarchical model for learning natural scene categories[C]∥IEEE Computer Society Confe-rence on Computer Vision and Pattern Recognition,2005(CVPR 2005).IEEE,2005,2:524-531
[5] Cramer,Christopher,Carin L.Bayesian topic models for describing computer network behaviors[C]∥2011 IEEE International Conference on Acoustics,Speech and Signal Processing (ICASSP).IEEE,2011:1888-1891
[6] Newton B D.Anomaly Detection in Network Traffic Traces Using Latent Dirichlet Allocation.http://www.cs.unc.edu/~bn/BenNetwonFinalProjectReport.pdf
[7] Huang J,Kalbarczyk Z,Nicol D M.Knowledge Discovery from Big Data for Intrusion Detection Using LDA[C]∥2014 IEEE International Congress on Big Data (BigData Congress).IEEE,2014:760-761
[8] Kasliwal B,Bhatia S,Saini S,et al.A hybrid anomaly detection model using G-LDA[C]∥2014 IEEE International Advance Computing Conference (IACC).IEEE,2014:288-293
[9] http://kdd.ics.uci.edu/databases/kddcup 99/kddcup99.html
No related articles found!
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发