Research On APT Attack Detection Based On Deep Learning

Posted on: 2024-05-28 | Degree: Master | Type: Thesis
Country: China | Candidate: S Q Li | Full Text: PDF
GTID: 2558307058453224 | Subject: Master of Electronic Information (Professional Degree)
Abstract/Summary:
With the rapid development of networks, network attacks are becoming more and more frequent. Among them, the APT (Advanced Persistent Threat) is one of the main threats. Research on preventing and detecting APT attacks by analyzing network traffic has therefore attracted attention. The main work of this paper is as follows:

First, because the characteristics of APT attack data in network traffic are insufficient, this paper constructs a data set containing APT attack traffic. Monday traffic data from the CICIDS2017 data set is selected as benign data, and 13 types of APT attack traffic from Contagio are selected as malicious traffic data. The CICFlowMeter network traffic extraction tool is then used to extract the basic attributes of the two data sets, and finally the data are fused according to the attribute structure common to both, completing the construction of the data set.

Second, in view of the low accuracy of APT attack detection in network traffic, this paper proposes the SSA-CNN-BiGRU model to detect APT attack traffic. The model first uses a Convolutional Neural Network (CNN) to complete the preliminary extraction of traffic features, then introduces an attention mechanism to enhance the model's ability to focus, and finally uses the Sparrow Search Algorithm (SSA) to optimize the Bidirectional Gated Recurrent Unit (BiGRU), completing the construction of the traffic classification model. A comparative experiment is then designed to verify the superiority of the model on the data set proposed in this paper. The accuracy of SSA-CNN-BiGRU reaches 96.97% and its F1 value reaches 97.73%, which is 0.84% higher than the F1 value of CNN-BiGRU.

Third, based on the SSA-CNN-BiGRU APT attack detection model, an APT attack detection system is completed, which implements functions such as analysis and statistics of network traffic files and APT attack flow detection.
Keywords/Search Tags: Network Traffic, APT Attack, Deep Learning, Data Fusion, Sparrow Algorithm