Research And Application Of Automatic Detection Technology Of Network Attack

With the further expansion of the scale of the network and the number of users,the network has penetrated into the lives of people and society from all aspects.Various applications have greatly facilitated our lives.The rise and development of cloud platforms,big data,and the Internet of Things have brought more opportunities and possibilities.However,while the Internet has greatly optimized and enriched personal and social life,it is also faced with still severe attack threats,such as DDoS attacks and Web attacks.Therefore,it is still necessary to continue in-depth network security research to discover the existence of network attacks in a timely manner.In order to comply with the development of today’s network and data situation,machine learning and deep learning methods have been continuously applied to network attack detection.Researchers usually first preprocess network traffic data to extract multi-dimensional features,then build learning models for classification training,and finally use the trained models to identify network attacks.However,this type of detection model usually uses a single learning algorithm,and many data sets used in training are outdated,so the performance may not achieve better performance in actual multi-type network attack detection.This thesis mainly researches and applies the automatic detection technology of network attacks.According to the characteristics of several network attacks,three modules for detecting different attacks are constructed.Among them,different theoretical methods are used to process the data and the existing algorithms Improvements have been made.The main work content of this thesis includes:researching the characteristics of Web attacks,DDoS attacks and other types of attacks,determining the theories and methods used,and constructing three detection modules.In other attack type detection modules,This thesis first use the nc_SMOTE algorithm to process the data,and then propose an improvement to the random forest algorithm.This thesis improves the decision-making layer of the random forest algorithm to a weighted voting method,and then detects other types of attacks.In the Web attack detection module,based on the existing research on URL feature extraction,this thesis customizes the features extracted from URLs and messages.Then use the constructed comprehensive features to classify and identify Web attacks.Apply the self-similarity theory in the DDoS detection module to detect the occurrence of DDoS attacks by calculating the Hurst index and recording its changes,and then construct the LSTM network to predict the occurrence of the attack.If an attack occurs,use traffic sampling and calculate the Hurst exponential change curve to determine the source of the DDoS attack.In addition,this thesis uses the CICIDS2017 data set containing current traffic characteristics,and conducts training experiments on each model through different data processing methods.Experimental results show that using the modules constructed in this thesis for different attacks to classify and detect several types of attacks,it has shown good classification performance on the test set,and performed well in the accuracy rate,recall rate,and F1 value.The overall performance.