Network Intrusion Traffic Recognition Method Based On Deep Learning

Among all network security defense methods,traffic detection technique is commonly used to detect whether the communication traffic in network contains traffic of attack behavior from malicious software.It can also provide important information of the whole network situation.Therefore,it has always been the focus of study in the field of network security,whether in China or abroad.Early traffic detection technique was mostly based on manually designed rules,but as the network attack patterns of malicious software became more and more complex and changeable,these methods appeared to be relatively simple and difficult to quickly adapt to increasingly complex traffic patterns.So,many people gradually turned their attention to machine learning algorithms,which is a popular research direction in current computer science field.Among them,deep learning methods have been gradually applied in many fields in recent years,and shown excellent data pattern learning ability,which pointed a new research direction for the detection and identification of network attack behavior through traffic.This thesis focuses on the detection and identification of malicious traffic in the network and proposes two methods of traffic detection based on deep learning technology.The main work is as follows:(1)For the complicated data pattern of network traffic,I choose to extract the original network traffic payload from application layer after research,in order to solve the problem of designing the feature of network traffic data by granting the model ability to learn the feature pattern of original network data when the malicious software processes intrusion.Based on that,I propose a malicious software traffic detection model on the basis of convolutional neural network,and optimizes the feature map through SE-Net network structure.Besides,in order to improve the training efficiency,I adopt deep separable convolution method in the CNN model and it performs well using USTC-TFC2016 dataset.At the same time,I adopt a new training mechanism based on transfer learning.In this way,the USTC-TFC2016 model is used as the pre-training model to fine-tune new model with malicious traffic dataset.After acquiring the extracted traffic features from pre-training model,the training effect of new model is effectively improved.(2)In this part,I innovatively optimize the original CNN traffic detection model with the structure of capsule,in order to avoid the loss of association information between feature maps.The new model is applied to USTC-TFC2016 dataset and it shows that the accuracy of original traffic detection has been significantly improved,which proves that the association information retained in the capsule network structure is helpful for traffic data detection.At the same time,I adopt that model as a pre-training model,and use parameter transfer learning methods to fine-tune detection model with traffic data from malicious software,which furtherly improves the performance of the malicious network traffic detection model.