Network Abnormal Traffic Detection Based On Deep Learning

With the rapid development and wide application of the new generation of Internet,the scale,structure and application of the network are becoming more and more complex,and the traffic data carried in the network space is increasing exponentially.At the same time,network security issues are becoming more and more severe,and the types and means of network attacks are constantly upgrading and changing.How to effectively detect and prevent network attacks has become a key research direction in the field of network security.Abnormal traffic detection technology is already a common technology in the field of network security.However,in the face of an increasingly large amount of data,traditional traffic analysis methods can no longer meet the needs of real-time and high efficiency.In recent years,deep learning has made a lot of breakthroughs in application fields such as natural language processing and computer vision,which provides new ideas for the research of abnormal network traffic detection.Aiming at massive,high-dimensional,complex and changeable traffic characteristics,research on fast and effective anomaly detection algorithms is a hot and difficult point in current information security research.This paper is based on deep learning and combined with the characteristics of network traffic data.The work contribution mainly includes the following parts:The current situation and difficulties of network abnormal traffic detection technology are sorted out,and the general process and characteristics of common detection technologies are introduced.Aiming at the current open source traffic data set,which has the characteristics of time series and high dimension,combined with deep learning technology,two improved abnormal traffic detection schemes are proposed.1.Aiming at the characteristics of high dimensionality and high computational cost of network traffic data sets,an abnormal traffic detection method based on integrated feature selection and LCFE(Leader Class and F1-score Ensemble)is proposed.In the integrated feature selection scheme,three feature selection methods in the filtering method and the wrapping method are integrated.Aiming at the differences in the performance of different types of traffic in model training,an improved ensemble framework LCFE is proposed,in which the base learner uses CNN,RNN,and DNN networks.The framework obtains leadership models for different types of traffic through training,and the results of the leadership model are the main factors for prediction.Finally,the scheme is implemented,and the experimental results show that the accuracy of the proposed scheme is higher than that of the existing models.2.Aiming at the strong temporal characteristics of network traffic data sets,a CNNLSTM abnormal traffic detection method based on multi-head attention mechanism is proposed.The CNN-LSTM network has strong processing ability and adaptive ability for high-dimensional time series data sets.The CNN module is used to extract features from the original input data,and the LSTM module is mainly used to deal with the time dependence in the sequence data.By adding a multi-head self-attention module,it focuses on the salient features of the input sequence to improve classification performance.Finally,the scheme was verified and compared with various anomaly detection methods,the accuracy of the model was significantly improved.