
Research Of Anomaly Network Traffic Detection Algorithms Based On Deep Learning

Posted on: 2022-01-09
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Xu
Full Text: PDF
GTID: 2518306311961599
Subject: Information and Communication Engineering

Abstract/Summary:
With the rapid development of new-generation innovative technologies, the importance of information security and privacy protection is constantly increasing. The widespread application of new technologies has brought great challenges to existing security methods, modes, and concepts. The network security situation has become increasingly complex and severe, which greatly restricts the further development of informatization, digitalization, and networking in our country. In this period of rapid transition between old and new technologies, how to efficiently detect security issues in the network has become the focus of all researchers. The main objectives of the "14th Five-Year Plan" period emphasize the need to adhere to the overall national security concept and strengthen the construction of the national security system. As a vital part of cyberspace security and offensive-defensive confrontation, the anomalous network traffic detection system can monitor, record, track, and even detect suspicious traffic with connections in real time. Furthermore, it can promptly and effectively discover, identify, and defend against potential threats in a strongly adversarial environment. Therefore, anomalous network traffic detection has become the focus of various military powers, and it will become an important field in the future international competition for the strategic high ground of information technology.

In recent years, deep learning has achieved a large number of breakthrough research results in many application fields such as natural language processing (NLP) and computer vision (CV), which brings new opportunities for the development of anomalous network traffic detection. Traditional shallow learning methods cannot adapt to the dynamic growth of network traffic, and they are not suited to the intelligent analysis and prediction requirements of large-scale, high-dimensional traffic data. How to design fast and efficient anomaly detection algorithms based on the characteristics of traffic data has become an urgent problem in the field of network security.

Based on deep learning methods, research on network intrusion detection is conducted in this thesis. The anomaly detection problem is selected as the research target, and the intelligent identification of anomalous network traffic is mainly studied. The purpose of the research is to reduce the workload of security practitioners, improve the network situation awareness of the information security system, and provide strong support for the improvement of China's network security technology system and the construction of the network power strategy. The main contributions of this thesis include the following three parts:

(1) To address problems such as the small number of effective abnormal samples in network traffic data, an unsupervised anomaly detection model, One-Class Long Short-Term Network (OC-LSTM), is proposed. This model is an end-to-end one-class neural network whose specially designed loss function is equivalent to the optimization goal of the one-class support vector machine (OC-SVM). It can create a tight envelope around the data when only normal data are available. By adopting representation learning aimed directly at the anomaly detection objective, OC-LSTM can process the original data directly, without using unsupervised transfer learning for further feature extraction. This helps identify anomalies in complex large datasets when the decision boundary between normal data and anomalies is highly non-linear. A series of comparative experiments conducted on three large network security datasets convincingly proved that the proposed OC-LSTM can achieve performance better than or comparable to the most advanced one-class anomaly detection methods.

(2) In terms of supervised anomaly detection, a deep anomaly detection (DAD) model based on a structured data processing system (SDPS) is proposed to improve on the current practice of blindly applying deep neural networks (DNN) to network traffic data. By integrating a variety of processing methods, the structured data is made suitable for DNN training, thereby improving the anomaly detection performance of the model. The specially designed data enhancement, feature selection, network architecture selection, and other modules in SDPS can effectively solve the current problems of low training efficiency and poor training results caused by the direct use of DNN on structured data. Anomalous network traffic data is then taken as an example, and a series of ablation experiments is designed to verify the effectiveness of each module in SDPS-DAD. The comparative experiment on the two test datasets strongly proves that SDPS-DAD, using a simple classification network, can obtain detection performance superior to other complex and state-of-the-art methods. The proposed model not only enhances the performance of deep neural networks in processing structured data, but also provides an effective reference for the expansion of deep learning application fields.

(3) To verify the practicability of the anomaly detection methods and promote the application of deep learning models, an intelligent dynamic monitoring system for anomalous network traffic detection, based on the above anomaly detection models, is designed. Through demand analysis and overall design, the overall framework of the system is constructed. Then, the design of each module and the realization of key processes are elaborated. Finally, a prototype system for intelligent anomalous network traffic detection is implemented, and the reliability and practicability of the system are verified under large-scale network traffic. The work has strongly promoted the application of related deep learning models in the field of network security.

Keywords/Search Tags: Anomaly detection, Deep learning, Network traffic, OC-LSTM, SDPS-DAD