基于分层自编码器的异常网络流量检测

摘要：通过研究现有异常网络流量检测技术存在的问题，提出了一种分层自编码器（HAE）集成模型，以无监督的学习方式摆脱了传统检测方法对于样本标签和攻击样本的依赖，以分层集成的方式学习正常流量的多种分布特征提高单个自编码的检测效果。与现有集成学习方式不同，HAE以串行的方式学习上一自编码器学得不好的样本，降低了训练和测试时间。仿真实验结果表明，相比传统的异常检测方法，HAE具有更高的检测率。

关键词：分层自编码器；异常网络流量检测；无监督学习方法；集成学习

Abstract: By studying the problems existing in the existing Malicious network traffic detection technology, a Hierarchical AutoEncoder  (HAE) ensemble model is proposed, which gets rid of the dependence of traditional detection methods on sample labels and attack samples by unsupervised learning, learns various distribution characteristics of normal traffic by hierarchical integration, and improves the detection effect of single Autoencoder. Different from the existing ensemble learning methods, HAE learns the samples that the previous self-encoder did not learn well in a serial way, which reduces the training and testing time. Simulation results show that HAE has a higher detection rate than traditional anomaly detection methods.

Keywords: HAE; malicious network traffic detection; unsupervised learning method; ensemble learning