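Changing the original CNN model to a GRU for DDoS intrusion detection

Observed problem and background
Using tensorflow.keras GRU to build a network model for traffic analysis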




    Layer (type)            Output Shape          Param #
    input_1 (InputLayer)    [(None, 100, 160)]    0
    gru (GRU)               (None, 64)            43392
    dense (Dense)           (None, 64)            4160
    dropout (Dropout)       (None, 64)            0
    dense_1 (Dense)         (None, 16)            1040
    dropout_1 (Dropout)     (None, 16)            0
    dense_2 (Dense)         (None, 2)             34
    softmax (Softmax)       (None, 2)             0

    Total params 48,626
    Trainable params 48,626
    Non-trainable params 0

Process finished with exit code 0

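Training converged normally: acc 99%, loss 0.0043%

Relevant code (please do not paste screenshots)
Live traffic is saved locally and fed to the model in batches; when using model.predict, the returned result is [ [0.5,0.5] [0.5,0.5] ]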




    else:
        from utils.decision_making import send_attack_ip
 
        logger.warning("Programme started in predict mode!")
        model = GRUModel(model_config)
        trainer = UniversalTrainer(model.get_model(), None, trainer_config)
        #trainer.load("logs/CIC_DDoS_2019/release/save.h5")
        # capture and predict
        logger.info("Start capture and predict...")
        predict_index = 0
 
        record_dict = {}
 
        while True:
            predict_index += 1
            logger.info("Predict turn %s", predict_index)
            logger.info("Capturing...")
            capture_pcap(CAPTURE_FILE, INTERFACE, TIMEOUT, COUNT)
            logger.info("Capture done, generating predict set...")
 
            predict_feature_list = list(load_feature_without_label([CAPTURE_FILE, ],
                                                                   pkt_in_each_flow_limit=RNN_SHAPE[0],
                                                                   sample_limit=5000))
            predict_label_dict = generate_default_label_dict(predict_feature_list, default_label=[0.0, 1.0])
 
            logger.debug("Predict feature list: %s", predict_feature_list)
            logger.debug("Predict label dict: %s", predict_label_dict)
 
            predict_preprocessor = PcapPreprocessor(predict_preprocessor_config, predict_label_dict,
                                                    predict_feature_list)
            predict_set = GenericPcapDataLoader(predict_data_loader_config)
 
            if predict_set.get_dataset() is not None:
                # try:
                #     trainer.evaluate(predict_set.get_dataset())
                # except TypeError:
                #     logger.error("No data, continue...")
 
                result_list = []
                premake = predict_set.get_dataset()
                # premake = np.reshape(premake, (premake.shape[0], 1, premake.shape[1]))
                for flow_id, flow, label in premake:
                    # print("predict_set.get_dataset() is :",predict_set.get_dataset())
                    print("flow is :", flow)
                    #trainer.model.summary()
                    predict_result = np.argmax(trainer.model.predict(flow), axis=-1)
 
                    print("trainer.model.predict(flow) is :",trainer.model.predict(flow))
                    print("predict_result is :",predict_result)
                    result_list.append(np.average(predict_result))
                    # print("result_list is :",result_list)
                    logger.debug("Predict flow id: %s, label: %s", flow_id[0].numpy().decode("utf-8"),
                                 predict_result[0])
                    ip_addr = flow_id.numpy()[0].decode("utf-8").split("-")[0]
                    if predict_result[0] == 1:
                        send_attack_ip(ip_addr)
 
                if result_list:
                    logger.warning("Attack: about %s%%", int(np.average(result_list) * 100))
                    record_dict[time.time()] = int(np.average(result_list) * 100)
 

Run results and error output




> flow is : tf.Tensor(
[[[0. 0. 0. ... 0. 0. 0.]
  [0. 0. 0. ... 0. 0. 0.]
  [0. 0. 0. ... 0. 0. 0.]
 
  [0. 0. 0. ... 0. 0. 0.]
  [0. 0. 0. ... 0. 0. 0.]
  [0. 0. 0. ... 0. 0. 0.]]], shape=(1, 100, 160), dtype=float32)
 
trainer.model.predict(flow) is  [[0.5 0.5]]
predict_result is  [0]
 

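The predict result is always 0.5

My approach and what I have tried
I checked the data input format and so on and changed the model structure, and found that as long as the GRU layer is removed, traffic can be detected normally, i.e. predict returns reasonable prediction values.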
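
One way to triage a constant [0.5, 0.5] like the one printed above, as an added example that is not part of the original post or the poster's project: with a zero initial state, an all-zero input and all-zero biases keep a GRU's hidden state at zero, so both logits are equal and softmax returns exactly [0.5, 0.5]. The pure-Python GRU below is a simplified stand-in (one dense head; `make_params`, `predict`, `diagnose` and all weight values are assumptions) that checks both conditions: whether the flow carries any nonzero feature, and whether the biases are still at their zero initial value, as they would be if saved weights were never loaded.

```python
import math
import random

def matvec(W, v):
    return [sum(w * x for w, x in zip(row, v)) for row in W]

def sigmoid(a):
    return 1.0 / (1.0 + math.exp(-a))

def make_params(seed, n_in, n_hid, bias):
    """Random GRU plus a 2-class dense head (simplified stand-in for the model).
    bias=0.0 mimics Keras' default zero bias init, i.e. weights never loaded."""
    rng = random.Random(seed)
    def mat(rows, cols):
        return [[rng.uniform(-0.1, 0.1) for _ in range(cols)] for _ in range(rows)]
    gru = {g: (mat(n_hid, n_in), mat(n_hid, n_hid), [bias] * n_hid) for g in "zrh"}
    return gru, (mat(2, n_hid), [bias, -bias])

def predict(params, flow):
    """flow: list of timesteps, each a list of floats. Returns softmax probabilities."""
    gru, (W_out, b_out) = params
    (Wz, Uz, bz), (Wr, Ur, br), (Wh, Uh, bh) = gru["z"], gru["r"], gru["h"]
    h = [0.0] * len(bz)
    for x in flow:
        z = [sigmoid(a + b + c) for a, b, c in zip(matvec(Wz, x), matvec(Uz, h), bz)]
        r = [sigmoid(a + b + c) for a, b, c in zip(matvec(Wr, x), matvec(Ur, h), br)]
        cand = [math.tanh(a + ri * b + c)
                for a, ri, b, c in zip(matvec(Wh, x), r, matvec(Uh, h), bh)]
        h = [zi * hi + (1.0 - zi) * ci for zi, hi, ci in zip(z, h, cand)]
    logits = [a + b for a, b in zip(matvec(W_out, h), b_out)]
    top = max(logits)
    exps = [math.exp(v - top) for v in logits]
    return [e / sum(exps) for e in exps]

def diagnose(params, flow):
    """Triage a constant [0.5, 0.5]: is the input empty, or is the model untrained?"""
    values = [v for step in flow for v in step]
    gru, (_, b_out) = params
    biases = [b for gate in gru.values() for b in gate[2]] + b_out
    return {"input_nonzero_fraction": sum(v != 0.0 for v in values) / len(values),
            "all_biases_zero": all(b == 0.0 for b in biases),
            "probs": predict(params, flow)}

if __name__ == "__main__":
    T, F = 100, 160                          # input shape from the model summary
    zeros = [[0.0] * F for _ in range(T)]    # constructed: like the printed flow
    print(diagnose(make_params(1, F, 4, 0.0), zeros))  # zero biases
    print(diagnose(make_params(1, F, 4, 0.5), zeros))  # nonzero biases (constructed)
```

On a real Keras model the same two checks are the nonzero fraction of each `flow` tensor before it reaches `predict`, and whether the bias arrays returned by `model.get_weights()` are all zero.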

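[Changing the original CNN model to a GRU for DDoS intrusion detection]
CNN meaning: convolutional neural network, a very common algorithm (model) in deep learning
Classic CNN models: LeNet-5, AlexNet, VGG-16, GoogLeNet
Reference link: https://zhuanlan.zhihu.com/p/344562609
Background notes: LSTMs/LSTM: long short-term memory networks
GRU: gated recurrent unit.
DDoS: distributed denial-of-service attack
Reference link: http://www.jinhansafe.com/2483.html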