| 引用本文: |
-
胡家熙,于光喜,张棪,贾丙豪,马伟,王伟平.MultiTS:基于多维时间序列关联分析的核心网 KPI异常检测方法[J].信息安全学报,已采用 [点击复制]
- HU Jiaxi,YU Guangxi,ZHANG Yan,JIA Binghao,MA Wei,WANG Weiping.MultiTS: A Core Network KPI Anomaly Detection Method Based on Multi-dimensional Time Series Correlation Analysis[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 第五代移动通信技术(5G)日趋成熟,不断推动着新业务的发展,核心网作为5G网络中的重要组成部分,承载着多项关键业务和海量数据,但同时也面临着多样的安全威胁。核心网中的关键性能指标(KPI)可以从多个方面反映出网络的各项性能和运行状态,通过观察各项KPI的波动情况,网络管理人员可以全面地监控网络各项性能,保证网络服务质量,及时识别并响应潜在的网络安全问题。针对5G核心网,本文提出了MultiTS,一种基于无监督学习的多维KPI关联分析异常检测方法。MultiTS由时序预测与残差计算模块、KPI时序关联提取模块以及异常检测模块三个模块组成,它利用时序预测和残差计算来提取时间维度信息,同时通过关联分析挖掘多维KPI之间的内在联系,从而实现全局异常、局部异常和段异常的准确检测。实验表明,在数据分布不平衡且无标注信息的现网场景下,MultiTS在检测多维KPI时间序列中的异常时表现优于现有的主流异常检测方法,召回率和F1分数分别平均提升了21.6%和9%。此外,与传统的对多个KPI逐个分析的方法相比,显著提高了计算效率,可以完成近实时的异常检测和异常告警。因此,MultiTS为5G核心网提供了一个高效可靠的异常检测解决方案,具有重要的实际应用价值。 |
| 关键词: 5G核心网 异常检测 多维KPI分析 核心网安全 时间序列分析 |
| DOI: |
| 投稿时间:2024-04-12修订日期:2024-09-03 |
| 基金项目: |
|
| MultiTS: A Core Network KPI Anomaly Detection Method Based on Multi-dimensional Time Series Correlation Analysis |
|
HU Jiaxi1, YU Guangxi1, ZHANG Yan2, JIA Binghao2, MA Wei2, WANG Weiping2
|
| (1.Institute of Information Engineering;2.Institute of Information Engineering, Chinese Academy of Sciences) |
| Abstract: |
| The fifth generation mobile communication technology (5G) is becoming increasingly mature, continuously driving the development of new businesses. As an indispensable component of the 5G network architecture, the core network plays a crucial role in bearing numerous key services and a vast amount of data, but it also faces a variety of security threats. Key Performance Indicators (KPIs) within the core network can reflect various aspects of the network's performance and operational status. By continuous monitoring the fluctuations in these KPIs, network administrators can comprehensively oversee network performance, guarantee the quality of network services, whilst identify and respond to potential network security issues in a timely manner. In particular for the 5G core network, this paper introduces MultiTS, an unsupervised learning-based method for multi-dimensional KPI correlation analysis and anomaly detection. MultiTS consists of three modules: time series forecasting and residual calculation, KPI time series correlation extraction, and anomaly detection. It utilizes time series forecasting and residual calculation to extract temporal dimension information, while also employing correlation analysis to uncover the intrinsic connections among multi-dimensional KPIs, thereby achieving accurate de-tection of global, contextual, and collective anomalies. Experiments demonstrate that under a real world communication network dataset, with imbalanced data distribution and an absence of labeled information, MultiTS outperforms existing mainstream anomaly detection methods in identifying anomalies within multi-dimensional KPI time series, with an aver-age increase of 21.6% in recall rate and 9% in F1 score respectively. Furthermore, in contrast to traditional methodologies that analyze each KPI in isolation, this approach significantly improves computational efficiency, enabling near real-time anomaly detection and alerting. In conclusion, MultiTS presents itself as an exceptionally efficient and reliable anomaly detection solution for the 5G core network, possessing substantial practical application value and contributing meaning-fully to the advancement of network security measures. |
| Key words: 5G core networks anomaly detection multi-dimensional KPI core network security time series analysis |
