Research On Network Anomaly Detection Based On Deep Learning

Posted on: 2019-12-02
Degree: Doctor
Type: Dissertation
Country: China
Candidate: C L Yin
GTID: 1368330566470866
Subject: Computer Science and Technology

Abstract/Summary:
Network anomaly detection identifies abnormal network behavior by establishing profiles of normal behavior. It can detect novel types of attacks and is widely used in intrusion detection, botnet detection, and other fields, making it a research hotspot in both industry and academia. In the era of big data, however, attack methods change constantly and new types of attacks keep emerging, with a trend toward being ubiquitous, intelligent, and complicated. Current network anomaly detection technology cannot meet the ever-increasing demand for a high detection rate and a low false positive rate, and has the following three shortcomings:

(1) Detection models based on traditional machine learning algorithms have low accuracy on multiclass classification tasks, and their detection results are often poor.

(2) Large numbers of labelled samples are difficult to acquire, and limited labelled samples provide only limited information. Training a supervised classifier on a small number of labelled samples often degrades its accuracy.

(3) Existing network anomaly detection models seldom consider time-series properties such as the synchronization and correlation between network flows, which degrades their detection results.

This paper addresses these issues in existing network anomaly detection technology in the areas of intrusion detection and botnet detection. Improving the accuracy of network anomaly detection models is the main research objective, and network anomaly detection based on deep learning is the main research content. By studying applications of deep learning to intrusion detection and botnet detection, corresponding methods are proposed that further improve the detection performance of the classification models and make up for the disadvantages of existing network anomaly detection technologies. The main research contents and innovations of this paper are as follows:

(1) To address the low accuracy of network anomaly detection on multiclass classification tasks, a novel deep learning approach for intrusion detection using fully connected recurrent neural networks is proposed. We study the performance of the model in binary and multiclass classification, and the impact of the number of neurons and of different learning rates on that performance. The model is compared with traditional machine learning methods such as J48, artificial neural network, random forest, and support vector machine. The experimental results show that, under the same conditions, the detection accuracy of the model based on a fully connected recurrent neural network is superior to that of the models based on traditional machine learning. The proposed model reduces the false positive rate, further improves the ability to detect network attack behavior, and provides a new research method for the field of intrusion detection.

(2) To address the effect that having few labelled training samples has on the detection results of a supervised classification model, the application of generative adversarial networks to intrusion detection is studied, using the idea of adversarial interactive training. The detection performance of the classification model trained by the framework under different parameters is studied, and a corresponding training method is proposed. The framework introduces a generative model in the training phase. The generative model continuously generates fake samples and expands the original labelled sample set. It assists the intrusion detection model, improves the detection accuracy for intrusion behavior, and enhances the model on multiclass classification tasks. The proposed framework provides an effective method for enhancing the generalization ability of intrusion detection models.

(3) To address the synchronization and correlation of communication behaviors that appear during the latent quiet period of botnets, a novel botnet detection model based on an LSTM network is proposed. We study the communication characteristics of network flows from different types of botnets, and extract features such as abnormal behavior and similarity, the length of network flows, number of reconnections, duration, and number of exchanged packets. The accuracy, precision, and other indicators of the proposed model under different network structures and different learning rates are also studied. The experimental results show that, compared with detection methods based on an artificial neural network or a decision tree, the proposed model better expresses the time series between network flows, further improving detection accuracy and reducing the false positive rate. In addition, the proposed approach does not use network traffic payload information, does not raise network traffic privacy problems, and has some ability to identify botnets that use encrypted protocols as well as novel botnets. This provides a feasible modeling method for time-series-based network anomaly detection.

(4) Building on the research results for intrusion detection using generative adversarial networks, the generative adversarial network is applied to the field of botnet detection. A botnet detection framework based on a generative adversarial network is proposed for training the classification model. Experiments show that, compared with the original detection model, the botnet detection model trained by the proposed framework further improves the detection accuracy for botnets and reduces the false positive rate.
Keywords/Search Tags:Deep Learning, Intrusion Detection, Botnet Detection, Recurrent Neural Networks, Generative Adversarial Networks, Long Short-Term Memory, Anomaly Detection