
Abnormality Traffic Monitoring System Based On Deep Learning

Posted on: 2024-09-12
Degree: Master
Type: Thesis
Country: China
Candidate: Y X Hu
Full Text: PDF
GTID: 2568306941984669
Subject: Cyberspace security
Abstract/Summary:
With the rapid development of the Internet industry, network attacks have become more agile and industrialized, and network security issues have attracted more attention. As an information carrier in the Internet era, network traffic contains rich information. Network traffic anomaly detection, as an effective means of protection, is a highly valuable anomaly detection scenario in the cyberspace security system and has long been a focus for many scholars. The continuous development of neural networks and deep learning also drives the field of network traffic anomaly detection. However, current research still has some problems, such as the heavy dependence of network traffic detection on manually extracted features, the high dimensionality of the data to be processed, the performance bottleneck of model computation, and the low accuracy of traffic detection. To address these problems, this paper studies an anomaly monitoring system based on deep learning. The main contents of this paper are as follows:

(1) Existing network traffic detection methods often rely heavily on manually extracted features and cannot effectively exploit the advantages of deep learning in feature extraction. This paper studies the number of bytes used to detect traffic, focusing on the header fields that reflect network protocol interaction. A network traffic information extraction method based on header detection is proposed, which intercepts the first few bytes of the first few packets of each session and converts them into multidimensional time series traffic data. To verify the effectiveness of this method, comparative experiments were conducted on different extraction methods, ultimately establishing a traffic extraction method with minimal cost and sufficient information. It avoids spending large amounts of computation, time and storage on inspecting the redundant data of an entire long session, and can still achieve good anomaly detection performance.

(2) Using the header-detection-based network traffic information extraction method above, effective multivariate time series traffic data is extracted. Based on this traffic data, this paper proposes a spatiotemporal association network traffic detection model based on sparse attention. The model uses a dual-encoder structure to apply self-attention learning to the multidimensional traffic data from two perspectives, time series correlation and inter-dimensional correlation, combines the results of the two encoders through self-learned weights, and finally obtains the classification results for anomaly detection. The experimental results show that the model can effectively mine the correlation of abnormal traffic data in time and in dimension in parallel. By using the low-rank property of the self-attention matrix, it can also effectively reduce the space-time complexity and improve the computing speed of the multi-layer multi-head self-attention layers. In experiments on the USTC-TFC2016 dataset, the model achieved 100% accuracy and showed better detection and classification results than the selected similar models.

(3) Existing network traffic datasets often exist in the form of extracted feature sets, which also has its advantages over working directly on the original traffic. This paper proposes a network traffic anomaly detection model based on feature extraction. Starting from the original Transformer model, it changes the order of some network structures such as the normalization layer, removes unnecessary modules such as the decoder, and introduces a sparse self-attention mechanism to accelerate training while enhancing the stability of the model. Verification on the CIC-IDS2017 dataset shows that this model can provide protection against known attacks with a low FAR, and has better classification results than the selected similar models.
Keywords/Search Tags: network traffic anomaly detection, head detection, multivariate time series, sparse attention, dual encoder