Network Traffic Anomaly Detection Method Based on Multi scale Residual Feature
This work addresses network security monitoring by enhancing anomaly detection, but it appears incremental as it builds on existing techniques like wavelet transforms and autoencoders.
The authors tackled the problem of insufficient feature mining in long time domains for network traffic anomaly detection by proposing a method using multi-scale residual features, which significantly improved detection performance compared to traditional methods.
To address the problem that traditional network traffic anomaly detection algorithms do not suffi-ciently mine potential features in long time domain, an anomaly detection method based on mul-ti-scale residual features of network traffic is proposed. The original traffic is divided into subse-quences of different time spans using sliding windows, and each subsequence is decomposed and reconstructed into data sequences of different levels using wavelet transform technique; the stacked autoencoder (SAE) constructs similar feature space using normal network traffic, and gen-erates reconstructed error vector using the difference between reconstructed samples and input samples in the similar feature space; the multi-path residual group is used to learn reconstructed error The traffic classification is completed by a lightweight classifier. The experimental results show that the detection performance of the proposed method for anomalous network traffic is sig-nificantly improved compared with traditional methods; it confirms that the longer time span and more S transformation scales have positive effects on discovering potential diversity information in the original network traffic.