| With the rapid development of emerging technologies such as 5G,the Internet of Things,and blockchain,the scale and number of network applications are growing exponentially,bringing about earth-shaking changes to people’s lives.At the same time,malicious attacks against the Internet are constantly emerging,and the traditional network architecture makes it difficult for network managers to obtain a complete network view,posing great challenges to network security maintenance and management.As an important means of network management,network traffic identification and classification and abnormal traffic detection technology are gradually entering people’s vision.At the same time,with the continuous development of SDN network technology,the superiority of SDN in network management and control is gradually becoming apparent.Currently,most traffic classification and abnormal detection methods often have problems such as high computational resource consumption,low detection accuracy,and algorithm performance depending on data sample characteristics.This thesis summarizes the current research status and challenges at home and abroad,and based on the mainstream technical solutions in the industry,carries out research on network traffic classification and abnormal detection for network security management,aiming to further improve the identification and detection efficiency and enhance the network’s security protection capabilities.The main research work and innovations of this thesis are as follows:(1)To address the issue of insufficient computing resources for network devices when using machine learning methods to implement network traffic identification and classification will greatly increase the device’s computational resource consumption,and the accuracy and real-time performance cannot be guaranteed.This thesis proposes a method based on DPI and machine learning fusion to achieve network traffic identification and classification.On the basis of ensuring accuracy,DPI technology is used to effectively filter useful information from network traffic,avoiding the need to process the entire data set and reducing computational resource consumption.Through actual testing,compared with traditional machine learning methods,the proposed method can effectively reduce computational resource consumption while ensuring classification accuracy and real-time performance.(2)To address the issue that traditional deep learning methods often ignore the temporal characteristics of traffic data when detecting abnormal traffic,and have problems such as low detection accuracy and difficult processing of traffic data samples.This thesis proposes an abnormal traffic detection algorithm based on the combination of 1D CNN and LSTM,which fully utilizes the spatial feature learning ability of CNN and the temporal feature learning ability of LSTM from the spatio-temporal characteristics of network data.The experimental results show that the 1D CNNLSTM algorithm proposed in this thesis can effectively reduce the size of data to be processed,and the accuracy on the NSL-KDD dataset can reach 99.051%,which is about 20% and 10% higher than the accuracy of using CNN or LSTM models alone,respectively.(3)To address the issue that network managers cannot obtain a complete network view in traditional network architecture,which makes data collection and fine-grained network management difficult.Based on the previous two points,this thesis designs a lightweight network traffic classification and abnormal detection system under the SDN environment.The experimental results show that the SDN-based network abnormal traffic detection system proposed in this thesis can not only effectively detect abnormal traffic in the network but also further expand the network’s functions through analysis and processing of the detection results,achieving fine-grained network management and precise control,and providing a more flexible,efficient,and reliable solution for network management and network security. |
PDF Full Text Request