A Deep Learning Approach for Network Anomaly Detection Based on AMF-LSTM

  • Mingyi Zhu
  • Kejiang YeEmail author
  • Yang Wang
  • Cheng-Zhong Xu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11276)


The Internet and computer networks are currently suffering from different security threats. This paper presents a new method called AMF-LSTM for abnormal traffic detection by using deep learning model. We use the statistical features of multi-flows rather than a single flow or the features extracted from log as the input to obtain temporal correlation between flows, and add an attention mechanism to the original LSTM to help the model learn which traffic flow has more contributions to the final results. Experiments show AMF-LSTM method has high accuracy and recall in anomaly type identification.



This work is supported by the National Key R&D Program of China (No. 2018YFB1004804), National Natural Science Foundation of China (No. 61702492, U1401258), and Shenzhen Basic Research Program (No. JCYJ20170818153016513, JCYJ20170307164747920).


  1. 1.
    Garcia-Teodoro, P., Diaz-Verdejo, J., Maciá-Fernández, G., Vázquez, E.: Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 28(1–2), 18–28 (2009)CrossRefGoogle Scholar
  2. 2.
    Ahmed, M., Mahmood, A.N., Hu, J.: A survey of network anomaly detection techniques. J. Netw. Comput. Appl. 60, 19–31 (2016)CrossRefGoogle Scholar
  3. 3.
    Benson, T., Akella, A., Maltz, D.A.: Network traffic characteristics of data centers in the wild. In: Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement, pp. 267–280 (2010)Google Scholar
  4. 4.
    Zhu, M., Ye, K., Xu, C.-Z.: Network anomaly detection and identification based on deep learning methods. In: Luo, M., Zhang, L.-J. (eds.) CLOUD 2018. LNCS, vol. 10967, pp. 219–234. Springer, Cham (2018). Scholar
  5. 5.
    Yin, C., Zhu, Y., Fei, J., He, X.: A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5, 21954–21961 (2017)CrossRefGoogle Scholar
  6. 6.
    Chorowski, J.K., Bahdanau, D., Serdyuk, D., Cho, K., Bengio, Y.: Attention-based models for speech recognition. In: Advances in Neural Information Processing Systems, pp. 577–585 (2015)Google Scholar
  7. 7.
    Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)CrossRefGoogle Scholar
  8. 8.
    Intrusion detection evaluation dataset (cicids2017) (2018).
  9. 9.
  10. 10.
    Sun, B., Osborne, L., Xiao, Y., Guizani, S.: Intrusion detection techniques in mobile ad hoc and wireless sensor networks. IEEE Wirel. Commun. 14(5), 56–63 (2007)CrossRefGoogle Scholar
  11. 11.
    Sperotto, A., Schaffrath, G., Sadre, R., Morariu, C., Pras, A., Stiller, B.: An overview of IP flow-based intrusion detection. IEEE Commun. Surv. Tutor. 12(3), 343–356 (2010)CrossRefGoogle Scholar
  12. 12.
    Abbes, T., Bouhoula, A., Rusinowitch, M.: Efficient decision tree for protocol analysis in intrusion detection. Int. J. Secur. Netw. 5(4), 220–235 (2010)CrossRefGoogle Scholar
  13. 13.
    Khan, M.S.A.: Rule based network intrusion detection using genetic algorithm. Int. J. Comput. Appl. 18(8), 26–29 (2011)Google Scholar
  14. 14.
    Amini, M., Jalili, R., Shahriari, H.R.: RT-UNNID: a practical solution to real-time network-based intrusion detection using unsupervised neural networks. Comput. Secur. 25(6), 459–468 (2006)CrossRefGoogle Scholar
  15. 15.
    Thilina, A., et al.: Intruder detection using deep learning and association rule mining. In: IEEE International Conference on Computer and Information Technology (CIT), pp. 615–620 (2016)Google Scholar
  16. 16.
    Yuan, F., Cao, Y., Shang, Y., Liu, Y., Tan, J., Fang, B.: Insider threat detection with deep neural network. In: Shi, Y., et al. (eds.) ICCS 2018. LNCS, vol. 10860, pp. 43–54. Springer, Cham (2018). Scholar
  17. 17.
    Kim, J., Kim, J., Thu, H.L.T., Kim, H.: Long short term memory recurrent neural network classifier for intrusion detection. In: International Conference on Platform Technology and Service (PlatCon), pp. 1–5 (2016)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  • Mingyi Zhu
    • 1
  • Kejiang Ye
    • 1
    Email author
  • Yang Wang
    • 1
  • Cheng-Zhong Xu
    • 1
  1. 1.Shenzhen Institutes of Advanced TechnologyChinese Academy of SciencesShenzhenChina

Personalised recommendations