With the expansion of network scale and the continuous development of network technology, the harm caused by network attacks is escalating, posing serious security risks to enterprises and users. There are various types of existing network attacks, and as technology iterates, new variants continue to emerge, which poses unprecedented challenges for network security technicians. Most existing network anomaly detection methods target specific network attacks, and their detection capability for unknown categories of network attacks is weak. In addition, malicious software traffic is difficult to obtain and sample labeling is costly. Furthermore, with the continuous evolution of network attack techniques, attacks have developed from simple attacks with a single purpose and simple methods into complex network attacks that integrate multiple technologies. Complex network attacks are organized, multi-stage, and use covert communication, which reduces the accuracy of traditional anomaly detection methods based on feature vectors for a single flow or a single node. To address these two issues, this paper proposes two detection algorithms: a multi-layer autoencoder based on normal traffic for unsupervised learning, which improves the detection range of network attacks; and a dynamic graph neural network that learns the dynamic changes of network communication structures to improve the detection accuracy of anomalous structures. The main contents of this paper are as follows:

(1) Malicious Network Traffic Detection Based on Multilayer Autoencoder. In order to study the distribution differences of traffic data generated by different applications in the network, an ensemble approach is introduced for multi-distribution normal traffic learning. Existing ensemble strategies, such as Bagging and Boosting, are mostly used in supervised learning, and have high complexity and low accuracy. Therefore, we mainly study how to improve the model's learning of the normal traffic data distribution and improve the real-time detection of the model through ensemble learning strategies in unsupervised scenarios, while reducing the complexity of ensemble learning.

(2) Dynamic Graph Neural Network Based Anomaly Detection for Network Communication. Graph neural networks are widely used in various fields because they can mine structural information within data. They have achieved good research results in various tasks such as node classification, link prediction, and subgraph embedding. However, existing anomalous traffic detection methods based on graph neural networks are not well suited to the dynamic changes of networks, such as the addition and disappearance of nodes and edges, and changes in node and edge attributes. Therefore, this paper mainly studies how to conduct anomalous traffic detection based on dynamic graph neural networks, and how to mine the spatio-temporal semantic features of network communication.

(3) An anomalous traffic detection system was designed and implemented, integrating the two anomaly detection models proposed in this paper. The system was modularly designed and implemented through requirement analysis, summary design, and detailed design. The system provides a visual page interface for data collection, feature extraction, model training, and model detection. The usability and effectiveness of the system were verified through system testing.