Research And Implementation Of Malicious Traffic Identification Based On Small Sample Deep Learning

With the increasing popularity of the Internet in modern life,more and more devices have achieved interoperability through the network,and the security of cyberspace has also attracted more and more attention.The malicious traffic identification system is used to effectively detect various abnormal attacks on the network,and is one of the most critical systems for maintaining cyberspace security.However,in the current network,the intrusion of malicious attacks is usually hidden or small-scale,which is difficult to be detected and identified,which brings new challenges to the malicious traffic identification system.Although many supervised and unsupervised learning algorithms in the traditional machine learning field have sufficiently improved the efficiency of malicious traffic identification systems,they still suffer from some problems.While unsupervised learning algorithms do not need to label large amounts of data,their detection results are poor.Although supervised learning has better detection results than unsupervised learning,obtaining enough samples and labels is time-consuming and labor-intensive.Another problem with supervised learning is that in real network activity,the frequency of normal network behavior should be much higher than the frequency of malicious network connection activity,which leads to the scarcity of abnormal data samples that can be labeled,leading to malicious algorithm model detection.poor effect.Few-shot learning is a special case of machine learning,where the goal is to use a small number of limited samples for model training to obtain good detection results.In order to solve the problem that sample data is scarce and difficult to obtain in network traffic identification.In this paper,a small sample learning model based on data augmentation and Siamese network is used to improve the detection effect of the malicious traffic identification model on the UNSW-NB15 dataset.The main contributions of this paper mainly include the following points:(1)An algorithm based on SMOTE and GAN in data enhancement is proposed to expand the data set,and machine learning and deep learning models are used to improve the detection effect of malicious traffic identification.(2)A malicious traffic identification algorithm COD-SNN based on siamese network is proposed.By introducing a one-dimensional convolutional network and a new loss function,the model can improve the extraction of sample features.Higher recognition accuracy.