
Research On Key Technologies Of Network Abnormal Behavior Detection Based On Intelligent Strategy

Posted on: 2021-04-24 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: M Chen | Full Text: PDF
GTID: 1368330605481268 | Subject: Computer Science and Technology
Abstract/Summary:
With the expansion of information network scale, the growth of network data volume and data dimension, and the diversification of network attack techniques, the information industry has placed higher demands on network robustness and security. Theoretical analysis and technical research on association and traceability of network operation and maintenance data, network anomaly feature modeling and attack identification, and abstraction of network behavior patterns are of theoretical and practical significance for network security assurance and abnormal behavior detection. Using big data, machine learning and other emerging theories and intelligent strategies to detect abnormal network behavior and to carry out multi-angle joint analysis and modeling has become one of the current research hotspots. However, current network abnormal behavior detection schemes still have the following problems: the difficulty of association mining and tracing over massive network data, the poor interpretability of machine learning at the business level, and the lack of an abstract model of network abnormal behavior patterns. This dissertation carries out the following research from the aspects of theoretical research, algorithm optimization and experimental verification:

1. To solve the problem of multi-class classification of abnormal traffic, an end-to-end abnormal behavior recognition model based on metric learning is proposed. Considering that traditional network abnormal traffic identification models are not suited to a network environment in which encrypted traffic is increasing, and that feature extraction under traditional machine learning algorithms requires abundant domain knowledge, this dissertation optimizes the feature expression of the loss function, maps the features of high-dimensional traffic data from Euclidean space to cosine space, achieves the classification mapping of feature hyperplanes by increasing class spacing through squeezing the inter-class space, and extends the approach to the open-set scenario to handle unknown classes. The experimental results show that the metric learning embedding can effectively improve the performance of the traffic classification model, and that the open set can effectively increase the generalization ability across different data sets.

2. For interpretability at the business level of the algorithm, a cross-algorithm interpretation framework based on network structure and data characteristics is proposed. Because the business-level interpretability of network anomaly traffic classification models is low, and the "black box" nature of the models means that confidence in their explanation of classification results is low, this dissertation starts from business understanding and, based on model structure and data characteristics, designs an interpretable framework to improve the reliability of the algorithm and improve the classification information of abnormal behavior. Experimental results show that the joint framework can explain the business characteristics of network security traffic, and can optimize algorithm selection and feature selection for the classification model.

3. Aiming at the network abnormal data in alarm logs, a network abnormal behavior discovery model based on alarm transmission is proposed. Timing constraints are introduced to detect anomalous behaviors. Filtering of useless sequences through time constraints, sliding time windows and classification levels is optimized for frequent item sets in wireless networks, together with topology screening verification and cross-domain alarm correlation based on the alarm delivery topology. The experimental results show that the improved GSP algorithm, combined with time windows to mine time-series correlated alarms, can effectively correlate the alarm information, and that the compression of redundancy provides a data basis for fault tracing.

4. Aiming at network modeling of abnormal behavior propagation, a hierarchical expression model of network behavior based on dependency relationships is proposed. A multi-layer network cascade model with asymmetric dependency groups is constructed, abnormal recovery mechanisms within and between layers are introduced, and the effects of different parameters on behavior propagation and robustness are analyzed. The experimental results show that the approximate theoretical solution of the mean field is consistent with the simulation results, and that the intra-layer fault threshold and the intra-layer recovery threshold have the strongest impact on robustness.
Keywords/Search Tags:intelligent strategies, network anomalies, complex networks, metric learning, interpretability