
Design And Implementation Of Traffic Anomaly Detection System Based On Machine Learning

Posted on: 2024-09-15
Degree: Master
Type: Thesis
Country: China
Candidate: Z X Ji
Full Text: PDF
GTID: 2568307172995339
Subject: Information and Communication Engineering
Abstract/Summary:
Network security maintenance requires effective traffic anomaly detection, which has become a prominent area of research. However, traditional detection methods depend on expert experience and need frequent updates to the rule base. Further, unbalanced traffic data in networks and simplistic detection models lead to low detection accuracy for abnormal data. Moreover, the static and inflexible nature of traditional network architecture makes it harder to configure detection services and adjust resources in real time. Consequently, deploying traffic anomaly detection systems that are flexible and can be updated in real time becomes challenging. To address these challenges, the paper presents a novel traffic anomaly detection system (TADS) which uses machine learning (ML), generative adversarial networks (GAN), and programmable data plane technologies to achieve high detection accuracy, flexibility, and real-time updates. It mainly includes the design and development of three modules: model training, anomaly sensing, and asynchronous model updating.

In the model training module, the paper presents a traffic anomaly detection model based on machine learning. To address the issue of data imbalance and improve detection accuracy for small samples, the paper proposes the use of an auxiliary generative adversarial network. Additionally, the paper employs feature correlation and an autoencoder to extract correlated features from the data and enhance detection efficiency. To further improve the accuracy of the model, the paper proposes a voting classification algorithm based on Random Forest (RF) and Long Short-Term Memory (LSTM)-Convolutional Neural Network (CNN), named G-TADS.

The anomaly sensing module decouples the control entity from the detection entity, allowing for flexible deployment and real-time detection of network anomalies. Real-time feature calculation is performed on the data stream so that the detection model can be invoked. Additionally, the programmable data plane and the protocol-independent packet processor programming language facilitate the design of forwarding strategies and the customization of security mechanisms that align with specific requirements, thereby enhancing the detection of attacks.

In the asynchronous updating module, the paper builds a dynamic update system for the model based on the idea of horizontal federated learning. This system can adapt to changing attack types in the network and increase the generalization of the detection model on the running entities. In addition, the paper designs a semi-asynchronous federated learning mechanism. The paper also adds a client selection algorithm and a model compression mechanism to optimize the global update algorithm, thereby improving the efficiency and quality of the global model.

Finally, an experimental environment is established to deploy the designed traffic anomaly detection system, and its performance is evaluated on the CICDDoS2019 and Edge-IIoTset data sets. The system's model training, anomaly sensing, and asynchronous model updating functions are verified, and the data balancing and feature extraction methods are tested. The voting classification algorithm is also evaluated for its performance in detecting abnormal traffic. Following the online deployment of the model, the entire system is tested, and the detection results are used to forward traffic to different ports. The distributed update and model compression are also tested to assess the system's efficiency. The experimental results demonstrate the effectiveness of the proposed system in solving network data imbalance issues and significantly improving the accuracy and efficiency of the detection model. The designed system is capable of real-time detection of abnormal traffic and of implementing measures against different types of attacks. Furthermore, the model's convergence speed and detection efficiency are increased by three times. Therefore, the proposed system effectively enhances the performance of anomaly recognition and provides valuable insights for maintaining network security.
Keywords/Search Tags: Machine Learning, Programmable Data Plane, Federated Learning, Generative Adversarial Networks