Research On Abnormal Traffic Detection Method Based On Behavior Characteristics

Posted on: 2023-10-04
Degree: Master
Type: Thesis
Country: China
Candidate: H G Xin
GTID: 2558307037496554
Subject: Computer Science and Technology

Abstract/Summary:
The continuous development and iteration of Internet information technology has greatly improved work efficiency while changing users' daily lives. At the same time, network attack techniques are becoming more intelligent and diverse, and network security problems are becoming more and more serious. How to ensure information security safely and efficiently has become a problem that more and more scholars are committed to studying, and abnormal traffic detection is an important part of information security protection. By monitoring network traffic in real time and discovering abnormal behavior promptly, the security of the current network can be ensured, so that it continues to provide convenience for users' daily life, industrial production, information exchange and other fields. The behavior features that traditional abnormal traffic detection methods rely on are usually composed of high-dimensional traffic features. Their detection accuracy is not high enough and their generalization ability is poor, so they cannot meet the requirements of abnormal traffic detection given the large volume of traffic generated in today's highly information-based age. The main work of this paper is as follows:

(1) To address the problem that existing methods do not consider the influence of feature importance on abnormal traffic identification results, an abnormal traffic detection method based on network behavior is proposed. First, a machine learning algorithm is used to reduce the feature dimension and remove redundant feature information; then the Pearson coefficient is introduced to measure the importance of the selected features; finally, multiple weak classifiers are combined into a strong classifier to perform anomaly detection. The method is validated on the KDD-CUP99 dataset, and the final ensemble learning classifier achieves an average recognition accuracy of 97.1%.

(2) To reduce the information redundancy of traffic features in abnormal traffic detection, multi-level feature extraction is carried out for different types of traffic. An abnormal traffic detection technique based on device behavior is proposed that extracts deep learning features from traffic data and combines the extracted temporal features, traffic statistical features and protocols to obtain features that characterize device behavior. The method uses a long short-term memory network with an attention mechanism, trained on the data, to extract time series features, and uses a convolutional neural network model trained on the high-dimensional traffic features composed of the time series feature vector, traffic statistical features and protocols to complete deep feature extraction. Finally, the model is evaluated by cross entropy. The experimental evaluation is carried out on the ISCX-2012 dataset. The results show that the recognition accuracy of this method reaches 97.6%, the recall rate reaches 97.4%, and the maximum F1 value of the model reaches 97% when the number of iterations is 38.
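
The second and third steps of method (1) in the abstract, Pearson-based feature importance followed by combining weak classifiers into one decision, can be sketched as follows. This is an added example, not code from the thesis: the flow records, feature names, midpoint threshold stumps and |r|-weighted vote are all assumptions, since the abstract does not name the algorithms used, and the dimension-reduction step is omitted.

```python
import math

# Constructed flow records (not KDD-CUP99 data): duration_s, src_bytes, failed_logins, label
# label 1 = abnormal, 0 = normal
NAMES = ["duration_s", "src_bytes", "failed_logins"]
FLOWS = [
    (2.0, 300, 0, 0), (1.5, 280, 0, 0), (3.0, 350, 1, 0), (2.5, 310, 0, 0),
    (0.1, 20, 4, 1), (0.2, 25, 5, 1), (0.1, 30, 3, 1), (0.3, 40, 2, 1),
]

def pearson(xs, ys):
    """Pearson correlation coefficient; 0.0 when either series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = math.sqrt(sum((x - mx) ** 2 for x in xs))
    sy = math.sqrt(sum((y - my) ** 2 for y in ys))
    return cov / (sx * sy) if sx and sy else 0.0

def train(flows):
    """Build one threshold stump per feature: (name, index, threshold, r)."""
    labels = [f[-1] for f in flows]
    stumps = []
    for i, name in enumerate(NAMES):
        col = [f[i] for f in flows]
        normal = [v for v, y in zip(col, labels) if y == 0]
        abnormal = [v for v, y in zip(col, labels) if y == 1]
        # Assumed weak learner: split at the midpoint between the two class means.
        thr = (sum(normal) / len(normal) + sum(abnormal) / len(abnormal)) / 2
        stumps.append((name, i, thr, pearson(col, labels)))
    return stumps

def ranking(stumps):
    """Feature names ordered by importance |r|, highest first."""
    return [s[0] for s in sorted(stumps, key=lambda s: -abs(s[3]))]

def predict(stumps, features):
    """Weighted vote: each stump votes +1/-1, weighted by its feature's |r|."""
    score = 0.0
    for _, i, thr, r in stumps:
        # The sign of r says whether high values point to abnormal (r > 0) or normal.
        vote = 1 if (features[i] > thr) == (r > 0) else -1
        score += abs(r) * vote
    return 1 if score > 0 else 0

MODEL = train(FLOWS)
```

A flow such as `(2.4, 25, 0)` shows why the weighting matters: the most important single feature (`src_bytes`) votes abnormal, but the two other features outvote it and the flow is classified as normal.
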
Keywords/Search Tags: Anomaly detection, Information security, Equipment behavior, Feature extraction, Deep neural network