  • ZHANG Wenzhe, YANG Dong, WEI Songjie. Interactive-Gaming Guided Modeling and Detection for Network Traffic Anomaly Detection[J]. Journal of Cyber Security, 2024, 9(2): 36-46


Interactive-Gaming Guided Modeling and Detection for Network Traffic Anomaly Detection
ZHANG Wenzhe, YANG Dong, WEI Songjie
(School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China)
Because system intrusion through network traffic can cause serious damage, more accurate methods for network traffic recognition and anomaly classification are of great value. Traditional machine-learning-based detection methods rely only on data; their model training and application procedures lack interaction with domain users, so the model runs as an opaque black box. Domain experts in network anomaly detection scenarios cannot provide instant feedback on the model's detection results to the system, and the detection system therefore lacks adaptability and self-correction capability in these scenarios. This paper proposes an interaction-guided network traffic anomaly detection method based on a reinforcement learning procedure improved with dynamic Bayesian gaming. The new model training and detection procedure enables system administrators and domain experts to return feedback about the model's behavior to the system as incentive signals for feature focusing and model convergence. System administrators and detection models interact with each other according to game theory to approximate a dynamic equilibrium state. We design the interactive gaming strategy to control the interaction frequency and content, which optimizes the detection model to achieve dynamic adaptability to the current network traffic scenario with constrained interaction overhead. We have conducted experiments with a public dataset for traffic anomaly detection to verify the interactive gaming performance, detection improvement and effectiveness. The experimental results effectively demonstrate that the interaction-guided model has good adaptability and usability in dynamic scenarios. The interaction frequency can be controlled by adjusting parameters, and the model can achieve a balance between performance and interaction frequency on datasets of different types and scenarios. Compared with traditional machine learning methods, the interaction-guided model improves overall detection performance. Results show that the detection performance is improved by 0.01% for every 0.02% more interaction frequency.
Key words: dynamic Bayesian gaming; reinforcement learning; network traffic; anomaly detection