Junchi Xing,Chunming Wu

DOI: https://doi.org/10.1109/INFOCOMWKSHPS50562.2020.9162940

2020-01-01

Abstract:The widely used encryption of network traffic poses a great challenge to anomaly detection. Currently, the supervised and semi-supervised solutions suffer from the problems of noisy label of data, non-stationary traffic distribution, and huge resource consumption for offline training. To address this, in this paper, we present an unsupervised, robust, and online anomaly detection method for encrypted traffic by using deep dictionary learning, called D2LAD. D2LAD offers the potential to extract sequential features from raw encrypted traffic data with the help of an LSTM-based autoencoder. Then, according to the sequential features, D2LAD is able to explore the hidden normal patterns by iterative deep dictionary learning. Eventually, D2LAD can obtain the anomaly score of raw data by calculating its relevance to the deep dictionary. We implement a prototype of D2LAD and evaluate its effectiveness and performance by experiments using realistic datasets. The experimental results show that our method achieves high accuracy and low resource usage, and outperforms the representative state-of-the-art methods in real-world settings.

Tangda Yu,Futai Zou,Linsen Li,Ping Yi

DOI: https://doi.org/10.1109/cyberc.2019.00020

2019-01-01

Abstract:In recent years, with the widespread use of encrypted traffic communication technology, network traffic encryption has been gradually becoming a standard of communication. This phenomenon has a great impact on traditional traffic detection methods, especially on anomaly detection methods, which are highly dependent on the type of network protocol types and traffic data. By surveying the existing encrypted traffic classification and analyzing these methods, we found that there are two main methods for detection: payload-based detection and feature-based detection. On this basis, this paper puts forward an Encrypted Malicious Traffic Detection System which is based on multi-AEs(Autoencoder). We use malicious sandbox for traffic data collection, mark malicious flow and normal flow with labels. After that, we use multilayer networks of AEs for feature extraction and training classifier model. Our system analyzes the feature of cryptographic protocol from handshake phase to Authentication phase on the basis of existing research, and we extract the traffic feature for a better classification by further expanding flow feature vector to the higher dimensions. In addition, we compared the performance of our model with the traditional learning model under the same environment. The experimental results showed that our system had higher detection accuracy and lower loss rate. We also studied the influence of dataset imbalance on results in the detection of encrypted traffic by several experiments. According to the experimental evaluation, dataset imbalance will lead to the decrease of positive rate.

Shangbin Han,Qianhong Wu,Han Zhang,Bo Qin

DOI: https://doi.org/10.1109/dsc55868.2022.00034

2022-01-01

Abstract:Users and businesses in the network frequently suffer from attacks by malware like privacy breach. While encrypted traffic protects users and businesses, it also provides convenience for attackers to avoid detection. Existing anomaly detection systems use supervised learning with high-dimension features and employ experts for labeling. However, our exploration reveals that high-dimension features will reduce the efficiency of the classification model. Besides, their training needs abundant high-quality labels, which is difficult to obtain in practice. Facing these challenges, in this paper, we propose an unsupervised anomaly detection method, which adopts the three-layer Autoencoder for feature compression to improve model running efficiency and employs the classical Kmeans algorithm to achieve unsupervised classification. When training the Autoencoder, we only use the normal encrypted traffic. We compare the performance of our method against the state-of-the-art anomaly detection algorithms using open encrypted malware traffic data set. The results demonstrate that our method can achieve the Fl-measure of 0.95, which is competitive with supervised learning algorithms.

Zecheng Li,Shengyuan Chen,Hongshu Dai,Dunyuan Xu,Cheng-Kang Chu,Bin Xiao

DOI: https://doi.org/10.1109/tr.2022.3204349

IF: 5.883

2022-01-01

IEEE Transactions on Reliability

Abstract:Abnormal traffic detection is the core component of the network intrusion detection system. Although semisupervised methods can detect zero-day attack traffic, previous work suffers from high false alarms because the trained model is simply based on normal traffic. In this article, we propose an accurate abnormal traffic detection method using pseudoanomaly, consisting of an efficient feature extraction framework and a novel denoise autoencoder-generative adversarial network (DAE-GAN) model. The feature extraction framework adopts an innovative packet window scheme to extract spatial and temporal features from traffic flows. The DAE-GAN model has multiple DAEs to achieve efficient data augmentation and generate high-quality pseudoanomalies. The pseudoanomalies are obtained by adding noise on normal traffic and enhanced by adversarial learning in DAE-GAN. Our semisupervised detection method, exploiting both normal data and generated pseudoanomalies, achieves a precision of 98.6 on the NSL-KDD dataset and 98.5 on the UNSW-NB15 dataset. Compared with the state-of-the-art, the detection precision and recall under different user behaviors are significantly improved. The evaluation on four attack datasets shows that our method has a high flow-wise precision of over 99 and a high recall of 60.6.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Willian T. Lunardi,Martin Andreoni Lopez,Jean-Pierre Giacalone

DOI: https://doi.org/10.48550/arXiv.2205.01432

IF: 5.414

2022-05-03

Machine Learning

Abstract:As the number of heterogenous IP-connected devices and traffic volume increase, so does the potential for security breaches. The undetected exploitation of these breaches can bring severe cybersecurity and privacy risks. Anomaly-based \acp{IDS} play an essential role in network security. In this paper, we present a practical unsupervised anomaly-based deep learning detection system called ARCADE (Adversarially Regularized Convolutional Autoencoder for unsupervised network anomaly DEtection). With a convolutional \ac{AE}, ARCADE automatically builds a profile of the normal traffic using a subset of raw bytes of a few initial packets of network flows so that potential network anomalies and intrusions can be efficiently detected before they cause more damage to the network. ARCADE is trained exclusively on normal traffic. An adversarial training strategy is proposed to regularize and decrease the \ac{AE}'s capabilities to reconstruct network flows that are out-of-the-normal distribution, thereby improving its anomaly detection capabilities. The proposed approach is more effective than state-of-the-art deep learning approaches for network anomaly detection. Even when examining only two initial packets of a network flow, ARCADE can effectively detect malware infection and network attacks. ARCADE presents 20 times fewer parameters than baselines, achieving significantly faster detection speed and reaction time.

Mai Ye,Shiming Men,Lei Xie,Bing Chen

DOI: https://doi.org/10.1145/3605801.3605807

2023-01-01

Abstract:APT(Advanced Persistent Threat) are known for their stealth, persistence, and sophistication, often carried out by skilled and well-funded attackers. To detect and investigate APT attacks at the host-level, scholars have extensively studied the provenance graph, which preserves the complete attack context. However, existing methods have impractical requirements for data collection and threshold setting, severely impacting their real-world performance. In this paper, we propose GCA (Graph Competitive Autoencoder), a GNN-based graph-level anomaly detection system. We first extract entities and their interactions from host logs to construct a provenance graph. Subsequently, we utilize GNN (Graph Neural Network) as a graph encoder to obtain graph-level embeddings. In the anomaly detection part, we use the competitive autoencoder and mutual information maximization to identify the attack graph. With this model, we can conduct graph-level anomaly detection even when the training data is partially contaminated, without manually setting the threshold. We deploy and evaluate our model on the public dataset StreamSpot. Our results show that GCA outperforms existing methods in terms of accuracy and practicality.

Ruipeng Yang,Aimin Yu,Lijun Cai,Dan Meng

DOI: https://doi.org/10.1186/s42400-022-00131-y

2022-12-05

Abstract:The traffic encryption brings new challenges to the identification of unknown encrypted traffic. Currently, machine learning is the most commonly used encrypted traffic recognization technology, but this method relies on expensive prior label information. Therefore, we propose a subspace clustering via graph auto-encoder network (SCGAE) to recognize unknown applications without prior label information. The SCGAE adopts a graph encoder-decoder structure, which can comprehensively utilize the feature and structure information to extract discriminative embedding representation. Additionally, the self-supervised module is introduced, which use the clustering labels acts as a supervisor to guide the learning of the graph encoder-decoder module. Finally, we obtain the self-expression coefficient matrix through the self-expression module and map it to the subspace for clustering. The results show that SCGAE has better performance than all benchmark models in unknown encrypted traffic recognization.

computer science, information systems, interdisciplinary applications, software engineering

Qian Dang,Ajun Cui,Wenbo Shang,Chunhui Du,Chenyu Wang,Xiaolin Gui

DOI: https://doi.org/10.1109/EEPS58791.2023.10257132

2023-01-01

Abstract:With the rapid development of computer and communication technology, the power Internet of Things has become an inevitable trend of intelligent and informatized power grid construction. However, the openness of the power Internet of Things makes it more vulnerable to cyber attacks and affects the normal operation of the power system. Therefore, in order to improve the stability of the power system, it is necessary to detect the abnormality of the traffic data generated by the network attack and give early warning of the attack in time. However, almost all existing network traffic anomaly detection methods are strongly dependent on labeled data, manually selected features, and balanced datasets. These methods are not only expensive, but also difficult to distinguish unknown abnormal types. This paper proposes a network traffic anomaly detection method based on autoencoder and attribute graph. This method is designed to learn generic abstract features by autoencoder and avoid the influence of manual features. Then the network traffic is abstracted into an attribute graph based on abstract features, and an anomaly detection model based on the attribute graph is designed to filter out anomalous traffic depending on topology and similarity. At last, the feasibility and effectiveness of the algorithm proposed is verified, on the two network traffic public datasets (NSL-KDD and CICIDS2017). Experimental result demonstrate that the model proposed in this paper has better detection performance compared with other state-of-the-art network traffic anomaly detection algorithms in unsupervised condition, which can be effectively used for imbalanced dataset.

Ming Liu,Qichao Yang,Wenqing Wang,Shengli Liu

DOI: https://doi.org/10.3390/s24206507

IF: 3.9

2024-10-11

Sensors

Abstract:The exponential growth of encrypted network traffic poses significant challenges for detecting malicious activities online. The scale of emerging malicious traffic is significantly smaller than that of normal traffic, and the imbalanced data distribution poses challenges for detection. However, most existing methods rely on single-category features for classification, which struggle to detect covert malicious traffic behaviors. In this paper, we introduce a novel semi-supervised approach to identify malicious traffic by leveraging multimodal traffic characteristics. By integrating the sequence and topological information inherent in the traffic, we achieve a multifaceted representation of encrypted traffic. We design two independent neural networks to learn the corresponding sequence and topological features from the traffic. This dual-feature extraction enhances the model's robustness in detecting anomalies within encrypted traffic. The model is trained using a joint strategy that minimizes both the reconstruction error from the autoencoder and the classification loss, allowing it to effectively utilize limited labeled data alongside a large amount of unlabeled data. A confidence-estimation module enhances the classifier's ability to detect unknown attacks. Finally, our method is evaluated on two benchmark datasets, UNSW-NB15 and CICIDS2017, under various scenarios, including different training set label ratios and the presence of unknown attacks. Our model outperforms other models by 3.49% and 5.69% in F1 score at labeling rates of 1% and 0.1%, respectively.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Gongxun Miao,Guohua Wu,Zhen Zhang,Yongjie Tong,Bing Lu

DOI: https://doi.org/10.3390/electronics12132763

IF: 2.9

2023-06-21

Electronics

Abstract:Recently, anomaly detection in dynamic networks has received increased attention due to massive network-structured data arising in many fields, such as network security, intelligent transportation systems, and computational biology. However, many existing methods in this area fail to fully leverage all available information from dynamic networks. Additionally, most of these methods are supervised or semi-supervised algorithms that require labeled data, which may not always be feasible in real-world scenarios. In this paper, we propose AddAG-AE, a general dynamic graph anomaly-detection framework that can fuse node attributes and spatiotemporal information to detect anomalies in an unsupervised manner. The framework consists of two main components. The first component is a feature extractor composed of a dual autoencoder, which captures a joint representation of both the network structure and node attributes in a latent space. The second component is an anomaly detector that combines a Long Short-Term Memory AutoEncoder (LSTM-AE) and a predictor, effectively identifying abnormal snapshots among most normal graph snapshots. Compared with baselines, experimental results show that the method proposed has broad applicability and higher robustness on three datasets with different sparsity.

engineering, electrical & electronic,computer science, information systems,physics, applied

Junhao Liu,Guolin Shao,Hong Rao,Xiangjun Li,Xuan Huang

DOI: https://doi.org/10.3390/app142210366

2024-01-01

Applied Sciences

Abstract:While encryption enhances data security, it also presents significant challenges for network traffic analysis, especially in detecting malicious activities. To tackle this challenge, this paper introduces combined Attention-aware Feature Fusion and Communication Graph Embedding Learning (AFF_CGE), an advanced representation learning framework designed for detecting encrypted malicious traffic. By leveraging an attention mechanism and graph neural networks, AFF_CGE extracts rich semantic information from encrypted traffic and captures complex relations between communicating nodes. Experimental results reveal that AFF_CGE substantially outperforms traditional methods, improving F1-scores by 5.3% through 22.8%. The framework achieves F1-scores ranging from 0.903 to 0.929 across various classifiers, exceeding the performance of state-of-the-art techniques. These results underscore the effectiveness and robustness of AFF_CGE in detecting encrypted malicious traffic, demonstrating its superior performance.

Sidahmed Benabderrahmane,Ngoc Hoang,Petko Valtchev,James Cheney,Talal Rahwan

2024-06-27

Abstract:Advanced Persistent Threats (APTs) are sophisticated, targeted cyberattacks designed to gain unauthorized access to systems and remain undetected for extended periods. To evade detection, APT cyberattacks deceive defense layers with breaches and exploits, thereby complicating exposure by traditional anomaly detection-based security methods. The challenge of detecting APTs with machine learning is compounded by the rarity of relevant datasets and the significant imbalance in the data, which makes the detection process highly burdensome. We present AE-APT, a deep learning-based tool for APT detection that features a family of AutoEncoder methods ranging from a basic one to a Transformer-based one. We evaluated our tool on a suite of provenance trace databases produced by the DARPA Transparent Computing program, where APT-like attacks constitute as little as 0.004% of the data. The datasets span multiple operating systems, including Android, Linux, BSD, and Windows, and cover two attack scenarios. The outcomes showed that AE-APT has significantly higher detection rates compared to its competitors, indicating superior performance in detecting and ranking anomalies.

Cryptography and Security,Artificial Intelligence

Sihong Lin,Kunbin Zhang,Dun Guan,Linjie He,Yumin Chen

DOI: https://doi.org/10.3233/jifs-223649

2023-01-01

Journal of Intelligent & Fuzzy Systems

Abstract:Intrusion detection systems have become one of the important tools for network security due to the frequent attacks brought about by the explosive growth of network traffic. Autoencoder is an unsupervised learning model with a neural network structure. It has a powerful feature learning capability and is effective in intrusion detection. However, its network construction suffers from overfitting and gradient disappearance problems. Traditional granular computing methods have advantages in solving such problems, but the process is relatively complex, the granularity dimension is high, and the computational cost is large, which is not suitable for application in intrusion detection systems. To address these problems, we propose a novel autoencoder: Granular AutoEncoders (GAE). The granulation reference set is constructed by random sampling. The granulation of training samples is based on single-feature similarity in a reference set to form granules. The granulation of multiple features results in granular vectors. Some operations of granules are defined. Furthermore, we propose some granular measures, including granular norms and granular loss functions. The GAE is further applied to the field of intrusion detection by designing an anomaly detection algorithm based on the GAE. The algorithm determines whether the network flows are anomalous by comparing the difference between an input granular vector and its output granular vector that is reconstructed by the GAE. Finally, some experiments are conducted using an intrusion detection dataset, comparing multiple metrics in terms of precision, recall, and F1-Score. The experimental results validate the correctness and effectiveness of the intrusion detection method based on GAE. And contrast experiments show that the proposed method has stronger ability for detecting anomalies than the correlation algorithms.

Chuanpu Fu,Qi Li,Ke Xu

DOI: https://doi.org/10.1109/tnet.2024.3370851

2024-01-01

IEEE/ACM Transactions on Networking

Abstract:Nowadays traffic on the Internet has been widely encrypted to protect its confidentiality and privacy. However, traffic encryption is always abused by attackers to conceal their malicious behaviors. Since encrypted malicious traffic is similar to benign flows, it can easily evade traditional detection. In particular, the existing encrypted traffic detection methods are supervised which rely on the prior knowledge of known attacks (e.g., labeled datasets). Detecting unknown encrypted malicious traffic, which does not require prior knowledge, is still an open problem. In this paper, we propose, an unsupervised machine learning (ML) based malicious traffic detection system. Particularly, is able to detect unknown patterns of encrypted malicious traffic by utilizing a graph built upon flow interaction patterns, instead of learning the features of specific known attacks. We develop an unsupervised graph learning method to detect abnormal interaction patterns by analyzing the graph features, which allows to detect unknown attacks without requiring any labeled datasets. Moreover, we establish an information theory model to prove the effectiveness of . We show the performance of by real-world experiments with 140 attacks. The experimental results illustrate that outperforms the state-of-the-art methods by 13.9% accuracy improvement. Moreover, achieves 15.82 Mpps detection throughput with the average detection latency of 0.29s.

telecommunications,computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Juan Zheng,Zhiyong Zeng,Tao Feng

DOI: https://doi.org/10.1155/2022/4274139

IF: 1.968

2022-01-22

Security and Communication Networks

Abstract:Encrypted network traffic is the principal foundation of secure network communication, and it can help ensure the privacy and integrity of confidential information. However, it hides the characteristics of the data, increases the difficulty of detecting malicious traffic, and protects such malicious behavior. Therefore, encryption alone cannot fundamentally guarantee information security. It is also necessary to monitor traffic to detect malicious actions. At present, the more commonly used traffic classification methods are the method based on statistical features and the method based on graphs. However, these two methods are not always reliable when they are applied to the problem of encrypted malicious traffic detection due to their limitations. The former only focuses on the internal information of the network flow itself and ignores the external connections between the network flows. The latter is just the opposite. This paper proposes an encrypted malicious traffic detection method based on a graph convolutional network (GCN) called GCN-ETA, which considers the statistical features (internal information) of network flows and the structural information (external connections) between them. GCN-ETA consists of two parts: a feature extractor that uses an improved GCN and a classifier that uses a decision tree. Improving on the traditional GCN, the effect and speed of encrypted malicious traffic detection can be effectively improved and the deployment of the detection model in the real environment is increased, which provides a reference for the application of GCN in similar scenarios. This method has achieved excellent performance in experiments using real-world encrypted network traffic data for malicious traffic detection, with the accuracy, AUC, and F1-score exceeding 98% and more than 1,300 flows detected per second.

computer science, information systems,telecommunications

Yang Zhou,Haoyang Zeng,Zhourong Zheng,Wei Zhang

DOI: https://doi.org/10.1049/ell2.70103

2024-12-06

Electronics Letters

Abstract:This paper presents a network traffic anomaly detection model based on feature grouping and multiple autoencoders (multi‐AEs) integration. This model comprises four modules: feature grouping module, feature learning module, AUC and optimal threshold calculation module, and anomaly detection application module. In the feature grouping module, multiple group features are constructed by selecting the different features according to their attributes and variances. In the feature learning module, the group features of normal traffic are learned based on multi‐AEs. In the AUC and optimal threshold calculation module, the AUC of each AE is calculated according to the ROC curve of the verification data, and the optimal thresholds for each AE are determined using the Youden index. In the anomaly detection application module, the AEs that participated in fusion are selected and their weights are calculated by analysing AUC value, and the scores of unknown traffic in each AE are evaluated considering both the reconstruction error distribution and the optimal threshold. Finally, the anomaly detection result can be obtained by the fusion of these multiple scores. Through validation on the UNSW‐NB15 and CICIDS2017 datasets, the accuracy of the proposed model is improved by 12.04% and 10.52%, respectively, compared to the baseline model.

engineering, electrical & electronic

Xiaodong Zang,Tongliang Wang,Xinchang Zhang,Jian Gong,Peng Gao,Guowei Zhang

DOI: https://doi.org/10.1016/j.comnet.2024.110598

IF: 5.493

2024-01-01

Computer Networks

Abstract:The focus on privacy protection has brought much-encrypted network traffic. However, attackers always abuse traffic encryption to conceal malicious behaviors. Although researchers have proposed several enlightening detection methods, they must enhance the generalization ability or improve detection performance. Our inspiration is that the packet header fields, as do the underlying grammatical rules for constructing sentences, have a strict order. We consider the original packet as text and devise a robust approach with natural language processing and a deep learning model to improve the generalization ability and detection performance. We capture the critical keywords as characteristic representations of the traffic and design an adaptive domain generalization algorithm with a new loss function. It is robust against various datasets by generating more malicious samples to augment the minority of malicious samples. Simultaneously, we design an efficient feature selection algorithm, which obtains an optimal feature subset and reduces feature dimensions by 75.3%. To evaluate our work, we conducted extensive experiments with open-source datasets (CICIDS 2017, CICDDoS 2019, and USTC-TFC 2016), the synthetic dataset from IoT-23, and Internet backbone traffic (CERNET). Experimental results demonstrate that our proposal improves detection accuracy by up to 22.8% compared to others not using domain generalization algorithms and achieves an average detection latency of 0.67 s in the backbone. Besides, our work applies to the Industrial Internet of Things (IIoT) environment. It can be deployed at edge nodes to provide network security support for IIoT devices.

Tongtong Feng,Qi Qi,Jingyu Wang,Jianxin Liao

DOI: https://doi.org/10.23919/IFIPNetworking52078.2021.9472814

2021-01-01

Abstract:Anomaly detection in encrypted traffic is a growing problem, and many approaches have been proposed to solve it. However, those approaches need to be trained in the massive of normal traffic and specific-class abnormal traffic, so to achieve good results in that specific-class. For a new anomaly class with few labeled samples, the effectiveness of existing approaches will decline sharply. How to t...

In-Su Jung,Yu-Rae Song,Lelisa Adeba Jilcha,Deuk-Hun Kim,Sun-Young Im,Shin-Woo Shim,Young-Hwan Kim,Jin Kwak

DOI: https://doi.org/10.3390/sym16060733

2024-06-13

Symmetry

Abstract:With the continuously growing requirement for encryption in network environments, web browsers are increasingly employing hypertext transfer protocol security. Despite the increase in encrypted malicious network traffic, the encryption itself limits the data accessible for analyzing such behavior. To mitigate this, several studies have examined encrypted network traffic by analyzing metadata and payload bytes. Recent studies have furthered this approach, utilizing graph neural networks to analyze the structural data patterns within malicious encrypted traffic. This study proposed an enhanced encrypted traffic analysis leveraging graph neural networks which can model the symmetric or asymmetric spatial relations between nodes in the traffic network and optimized feature dimensionality reduction. It classified malicious network traffic by leveraging key features, including the IP address, port, CipherSuite, MessageLen, and JA3 features within the transport-layer-security session data, and then analyzed the correlation between normal and malicious network traffic data. The proposed approach outperformed previous models in terms of efficiency, using fewer features while maintaining a high accuracy rate of 99.5%. This demonstrates its research value as it can classify malicious network traffic with a high accuracy based on fewer features.

multidisciplinary sciences

Ao Xiong,Chenbin Qiao,Yuanzheng Tong,Baozhen Qi,Chengling Jiang

DOI: https://doi.org/10.21203/rs.3.rs-2969521/v1

2023-01-01

Abstract:Abstract The significant changes brought by block-chain technology have posed many challenges to financial services, ecological security, and privacy protection. Therefore, in order to achieve intelligent block-chain supervision and assess the risk of potential money laundering, terrorist financing, and other financial crimes of customers, anomaly detection of blockchain networks is required. Structurally, blockchain data is essentially represented by a graph, where nodes represent addresses and edges represent behaviors such as transactions, and the model after constructing the transaction graph can extract high-dimensional features in the graph structure relationships. Existing anomaly detection methods ignore the interaction information between network structure and node attributes and have limited ability to detect anomalies. Based on this, this paper proposes GraphAEAtt, a deep learning framework based on self-encoder and attention mechanism, which consists of a structural auto-encoder and an attribute auto-encoder to jointly learn node and attribute feature vector representations, and in addition, introduces an attention mechanism to learn the correlation between nodes and their neighboring nodes. First the structural encoder converts the observed raw node attributes into a vector representation of the low-dimensional potential space, and then the shared attention mechanism is used to aggregate the embeddings of all neighboring nodes to finally generate node embedding. The attribute encoder uses a multi-layer perceptron to map the observed attribute data into a potential attribute embedding representation. Then, a structure decoder is used to reconstruct the adjacency matrix and an attribute decoder to reconstruct the attribute matrix, and the reconstruction error of the nodes is measured from both structure and attribute perspectives as the objective function for neural network training. Then anomaly detection is implemented based on the reconstruction error of the nodes measured from both structure and attribute perspectives. Finally, a large number of experiments are conducted to verify the effectiveness of the proposed method in real datasets.