
Research On Abnormal Network Traffic Detection Technology Based On Deep Learning

Posted on: 2024-05-27
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y M Li
Full Text: PDF
GTID: 1528306944964259
Subject: Information security
Abstract/Summary:
With the development of Internet technology, people’s work and daily life are becoming more and more convenient, but at the same time network attacks of all kinds are becoming increasingly rampant, posing a great threat to cyberspace security. To cope with such threats, intrusion detection technology has become a research hotspot in cyberspace security. In recent years, deep learning has made great achievements in many fields and provided new ideas for intrusion detection. In the face of complex network data and diverse intrusion methods, traditional machine learning methods cannot meet security needs. Deep learning-based methods achieve good results in computer vision and natural language processing, but they are far from fully exploiting their potential in processing network traffic data, and their performance in detecting unknown intrusions is still unsatisfactory. Depending on the application scenario, the network traffic intrusion detection problem can be abstracted into one-class classification, binary classification and multi-class classification problems for network traffic. In this paper, we develop a deep learning-based network traffic classification method to strengthen the active defense of network security and provide support for the improvement of China’s cyberspace security and the construction of a strong network country. The main contributions of this paper are as follows.

(1) A deep learning method for intrusion detection based on multi-convolutional neural network (CNN) fusion is proposed for the problem of correlation interference in the conversion of one-dimensional network traffic feature data to two-dimensional image data. The feature data is divided into four parts based on correlation to reduce interference between irrelevant features, and the one-dimensional feature data is then converted into grayscale images. Each part is classified by a separate CNN model, and finally the classification results of the parts are fused to produce the optimal result. The experimental results show that the multi-CNN fusion model classifies network attack traffic more accurately on the NSL-KDD dataset, that it is a high-precision, low-complexity classification method, and that it outperforms traditional machine learning methods and other deep learning methods.

(2) To address the problem of unbalanced traffic data, which seriously affects the detection of outliers, long short-term memory (LSTM) is introduced into one-class classification, and a one-class LSTM (OC-LSTM) is proposed on the basis of the classical one-class support vector machine (OC-SVM); it can solve the problem of unbalanced datasets and better learn the features of normal traffic. Unlike other autoencoder-based hybrid deep learning methods, the proposed method is an end-to-end trained network that uses a loss function with an optimization objective similar to that of OC-SVM. Comprehensive experiments on three publicly available network traffic datasets, covering one-class classification of various network attack types, show that the method outperforms traditional shallow methods and other deep methods.

(3) To address the requirement of real-time network traffic classification and anomaly detection, an improved traffic classification framework is proposed for network traffic anomaly detection, which can directly identify raw traffic. The framework is based on the NIN (network in network) structure, which improves the model’s extraction of local features within the receptive field and, combined with depthwise separable convolution, greatly reduces the number of parameters and the computational cost. The model is named the NIN-DSC (Network in Network-Depthwise Separable Convolutions) network; it can be used for network attack traffic classification, and its classification performance is verified on a public network attack traffic dataset and an encrypted network traffic dataset. The experimental results show that the network not only outperforms the classical CNN and LSTM networks in detection performance but is also faster and can achieve real-time detection. In addition, we built an intelligent network detection and analysis system and applied the proposed NIN-DSC model in practice, which yielded better results and verified the practical value of the algorithm.
Keywords/Search Tags:network traffic classification, anomaly detection, multi-CNN fusion, one-class LSTM, network-in-network, multi-classification, depthwise separable convolutions