The Internet of Things (IoT) finds extensive application across multiple domains of human production and daily life. However, IoT devices operate in unattended environments without real-time security checks, so they are extremely vulnerable to illegal attacks. The malicious network traffic identification algorithm in an intrusion detection system detects and identifies abnormal network behavior in IoT systems in order to protect the system. However, because existing cyber attacks are stealthy and complex, traffic datasets contain imbalanced sample quantities and their features are difficult to extract. These problems make it harder to design algorithms for malicious traffic identification. This paper therefore studies four aspects: network traffic analysis, sample balance processing, data feature fusion, and attack traffic detection. The specific work is as follows:

(1) In terms of IoT traffic analysis, statistical analysis was performed on the network traffic in two typical IoT application scenarios: smart homes and smart industries. First, at the quantity level of network traffic data, statistically analyzing the number of samples for each label showed that public network datasets have a data imbalance problem. Second, at the feature level of network traffic data, analyzing the IP address, port number, and protocol features of the network traffic of different devices in the dataset showed that these local spatial features are correlated. At the same time, by capturing a period of network traffic from both scenarios and analyzing it using information entropy as a tool, it was found that there is a sequential relationship between different attacks. These conclusions provide guidance for designing intrusion detection systems for IoT scenarios.

(2) This article proposes a data augmentation algorithm based on the fusion of autoencoders and mixed sampling to address the problem of sample imbalance in IoT scenarios. First, feature extraction and dimensionality reduction of the original data are achieved with a variational autoencoder. Second, mixed sampling is performed on the low-dimensional continuous data samples output by the encoder. Specifically, for minority-class samples, multiple classifiers are used for label prediction, and the minority-class samples with prediction accuracy less than half are expanded to achieve oversampling. Majority classes are clustered with clustering algorithms, and an equal amount of data is then taken from each cluster and combined to achieve undersampling. Finally, testing and verification on public datasets show that the data augmentation method proposed in this article effectively improves the accuracy of existing classifiers in identifying each label.

(3) This paper proposes a malicious traffic detection algorithm that combines temporal and spatial features to address inadequate feature extraction for IoT traffic and the difficulty of detecting unknown attacks. The model combines a non-symmetric multi-scale space encoder and a bidirectional attention time encoder to extract spatial and temporal features. The non-symmetric multi-scale space encoder is based on a multi-scale convolutional network with a mixed attention mechanism, which focuses on extracting spatial feature information such as IP addresses and port numbers. The bidirectional attention time encoder is built on a bidirectional recurrent network optimized by a multi-head self-attention mechanism, and is used to analyze the correlation between preceding and following features of network traffic data. In addition, an algorithmic model is designed that combines known attack detection and unknown attack detection. The SoftMax function is responsible for detecting existing attack types, while the adversarial convolutional autoencoder is used to detect unknown attacks. Finally, the proposed solution was tested and validated using publicly available network datasets. The results indicate that the feature fusion model can effectively extract the spatio-temporal characteristics of IoT traffic and enhance the accuracy of the classifier model. At the same time, the adversarial convolutional autoencoder can effectively detect unknown network attacks.

(4) Based on the front-end framework Vue.js and the open-source deep learning framework PyTorch, an online real-time analysis system for IoT network traffic data was designed and implemented for the models established above. The system provides online data collection, data preprocessing, abnormal network traffic detection, result display, and alarms, giving network users a simple and intuitive view of IoT network traffic status and realizing real-time detection and identification of IoT network traffic.
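
The mixed-sampling step in item (2), as an added example that is not the paper's code. It assumes three leave-one-out k-NN voters as the "multiple classifiers", Gaussian jitter as the expansion method and k-means as the clustering algorithm (the abstract names none of these), and uses constructed 2-D points in place of the variational autoencoder's output.

```python
import math, random
from collections import Counter

def knn_vote(X, y, i, k):
    # Leave-one-out k-NN label for sample i (stand-in classifier, an assumption)
    near = sorted((j for j in range(len(X)) if j != i),
                  key=lambda j: math.dist(X[i], X[j]))[:k]
    return Counter(y[j] for j in near).most_common(1)[0][0]

def hard_minority(X, y, label, ks=(1, 3, 5)):
    # Minority samples that fewer than half of the classifiers label correctly
    return [i for i in range(len(X)) if y[i] == label
            and sum(knn_vote(X, y, i, k) == label for k in ks) < len(ks) / 2]

def oversample(X, idx, copies, rng, sigma=0.05):
    # Expand each hard sample with Gaussian jitter (assumed expansion method)
    return [[v + rng.gauss(0, sigma) for v in X[i]] for i in idx for _ in range(copies)]

def kmeans(P, k, iters=20):
    # Plain Lloyd's k-means with deterministic, evenly spaced initial centres
    C = [P[i * len(P) // k] for i in range(k)]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in P:
            groups[min(range(k), key=lambda c: math.dist(p, C[c]))].append(p)
        C = [[sum(col) / len(g) for col in zip(*g)] if g else C[c]
             for c, g in enumerate(groups)]
    return groups

def undersample(P, k, per_cluster, rng):
    # Draw the same number of majority samples from every cluster
    return [p for g in kmeans(P, k) for p in rng.sample(g, min(per_cluster, len(g)))]

def build_demo():
    rng = random.Random(7)
    # Constructed 2-D points standing in for the encoder's low-dimensional output
    benign = [[rng.gauss(cx, 0.3), rng.gauss(cy, 0.3)]
              for cx, cy in ((0, 0), (6, 0), (0, 6)) for _ in range(40)]
    attack = [[rng.gauss(3, 0.2), rng.gauss(3, 0.2)] for _ in range(6)]
    attack += [[0.1, 0.1], [5.9, 0.1]]  # attack samples buried in benign clusters
    X, y = benign + attack, ["benign"] * 120 + ["attack"] * 8
    hard = hard_minority(X, y, "attack")
    balanced_attack = attack + oversample(X, hard, 5, rng)
    balanced_benign = undersample(benign, 3, 6, rng)
    return hard, balanced_attack, balanced_benign

if __name__ == "__main__":
    print([len(part) for part in build_demo()])
```

Only the two attack samples that sit inside benign clusters are expanded, so the synthetic points land where the classifiers currently fail; the 120 benign samples shrink to six per cluster.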