
Research On Network Traffic Anomaly Detection Method Based On Coupled Learning

Posted on: 2024-06-28
Degree: Master
Type: Thesis
Country: China
Candidate: J Sun
Full Text: PDF
GTID: 2568307127953719
Subject: Software engineering
Abstract/Summary:
With the widespread application and rapid development of technologies such as 5G communication, big data, and deep learning, society is experiencing rapid development while also facing exponential growth in network traffic data and a series of cybersecurity issues. Currently, internet technology is rapidly moving towards the direction of the Internet of Things, rendering traditional network security methods almost ineffective in the new technological framework and unable to meet the future demands for network information security. Therefore, anomaly detection in network traffic is of great significance for ensuring the secure operation of networks. This paper focuses on the task of network traffic anomaly detection, taking explainability as a starting point. It proposes a network traffic anomaly detection method based on coupled learning and a feature selection method based on real network traffic from a company. Furthermore, the specific application of network traffic anomaly detection is further studied. The main contents of the paper are as follows:

1. In response to the lack of explainability in current network traffic anomaly detection models, the paper proposes an explainable network traffic anomaly detection model based on coupling evolutionary sampling and deep decoding (CESDDM). Firstly, evolutionary sampling learning is introduced to extract representative feature samples, achieving a highly explainable sample encoding process. Secondly, a coupled learning model is constructed, combining the interpretable evolutionary sampling sample encoding process with the unexplainable deep neural network decoding process. Lastly, the sample encoding results and reconstruction errors are utilized for anomaly detection. Experimental results on public datasets demonstrate that this method significantly improves model interpretability and model scalability while achieving detection performance comparable to existing state-of-the-art methods. Furthermore, this novel approach can provide a distinctive technical reference for the study of explainable machine learning methods.

2. In order to verify the effectiveness of the proposed CESDDM in real network traffic from a company and address the issue of the inability to directly apply raw network traffic to CESDDM, the paper designs a method for feature selection and detection analysis of real network traffic from a company. Firstly, based on the company’s real raw network traffic data, network traffic features with statistical information are extracted from three dimensions: basic features, time features, and connection features. Secondly, a network traffic anomaly detection dataset is constructed based on the real network environment and simulated attacks. Finally, the effectiveness of CESDDM is validated using the constructed dataset.

3. Based on the aforementioned work, the paper further designs and implements a prototype system for network traffic anomaly detection. To assist users in processing raw network traffic data and conducting network traffic anomaly detection, the paper integrates the network traffic anomaly detection task, constructs a complete network traffic anomaly detection workflow, and provides various functionalities, including network traffic preprocessing, network traffic blacklisting/whitelisting, network traffic anomaly detection, and data analysis. The network traffic preprocessing functionality processes the raw network traffic and generates a set of statistical features suitable for machine learning. The network traffic blacklisting/whitelisting allows users to input traffic blacklists and whitelists, enabling the identification of blacklisted and whitelisted IP addresses as anomalies and normal traffic, respectively, for pre-screening network traffic. The network traffic anomaly detection functionality utilizes the CESDDM model to perform traffic anomaly detection. The data analysis module can generate visualizations such as bar charts and pie charts. Additionally, functional testing and performance testing are conducted on the main functional modules of the network traffic anomaly detection prototype system to validate its ability to achieve the desired results.

In conclusion, the network traffic anomaly detection based on the coupled learning strategy can effectively enhance anomaly detection capabilities and improve model explainability. The method of selecting features from real network traffic of a company can accurately represent the original network traffic and validate the effectiveness of CESDDM. Furthermore, through further application research, the network traffic anomaly detection prototype system described in the paper proves to be effective in integrating feature preprocessing and anomaly detection functionalities, demonstrating clear practical value.
Keywords/Search Tags: Network traffic anomaly detection, evolutionary sampling, coupled learning strategy, deep learning, system development