Research On Malicious Network Traffic Detection Technology Based On Neural Network

In recent years,due to the fast progress of the Internet of things,artificial intelligence,5G and other intelligent information technology,coupled with the advanced network communication mode,the number of online services in cyberspace is increasing.Subsequently,the risk of network security accidents is also on the rise,a variety of new types of network attacks may cause great threats and harm to national and social security,which needs to attract the attention of all network security researchers.Malicious network traffic detection system can be used as a reliable scheme to address the above issues,but when confronting massive high-dimensional network traffic data,the current malicious network traffic detection methods still have some inadequacies in accuracy and generalization,which can not meet the current security requirements of cyberspace.Therefore,by studying various models of neural network and feature selection techniques,this thesis introduces relevant improved methods into malicious network traffic detection to overcome the above defects and deficiencies.The main research work of this thesis includes the following:（1）Aiming at the issue of insufficient feature learning in malicious network traffic detection,a neural network-based malicious network traffic detection method is studied and analyzed.This thesis generalizes and summarizes the relevant theoretical knowledge of malicious network traffic detection and neural network,focuses on the basic principles and characteristics of Gated Recurrent Unit（GRU）and Convolutional Neural Network（CNN）,and constructs a malicious network traffic detection model based on Bidirectional Gated Recurrent Unit（Bi GRU）and CNN.（2）Aiming at the issue of low detection performance and efficiency of the model due to irrelevant and redundant features in high-dimensional network traffic data,the related methods of feature selection are studied.The basic concepts of entropy and mutual information in information theory are introduced in detail,and the principles and classification of feature selection are expounded.Through the explanation and formula derivation of feature selection method based on mutual information,the CFR algorithm is improved.Combined with the malicious network traffic detection model based on BiGRU and CNN,an improved malicious network traffic detection method based on CFR-Bi GRU-CNN is proposed,and CIC-IDS2017 dataset is used to test and verify the model.（3）Aiming at the issue of low recall in low frequency attacks detection,this thesis studies how to optimize the structure and improve the model of neural network.The principle and advantages of optimization methods such as Residual Network（Res Net）and ELU activation function are introduced,and the related optimization methods are added to the structure of the detection model,and a malicious network traffic detection method based on residual module Bi GRU-CNN-ELU is proposed.This thesis compares the detection performance of multiclassification experiments and binary-classification experiments on CIC-IDS2017 and TON＿IoT datasets,respectively.The innovation of this thesis is mainly reflected in the following two aspects:（1）An improved malicious network traffic detection method based on CFR-Bi GRU-CNN is proposed.Firstly,the feature set is pre-screened,and then the CFR algorithm is used for feature selection,which improves the computational efficiency of the model while removing irrelevant and redundant features in network traffic data.On the other hand,the parallel model structure of Bi GRU and CNN is used for feature extraction of network traffic data,which can make full use of the characteristics and advantages of these two neural network structures,thus improving the accuracy of the detection model.（2）A malicious network traffic detection method based on residual module Bi GRUCNN-ELU is proposed.The residual module and ELU activation function are introduced to enhance the model’s ability to extract low-frequency attacks feature information,and attention mechanism is used to deal with important features to improve the model’s generalization ability.The experimental results show that the multi-classification accuracy of the detection method in CIC-IDS2017 and TON＿Io T datasets reaches 99.77% and 99.24%,respectively,and the binary classification accuracy is 99.82% and 99.62%,respectively,which are superior to other detection methods.