A Research Of Network Traffic Model And Anomaly Detection Technology

The quantification and complexity of network traffic have become the normal situa-tion,and how to identify,monitor,and analyze network traffic has become an important research direction and hotspot.In particular,the research on anomaly detection methods based on deep learning has received widespread attention from the industry,academia and research circles.The combination of anomaly detection with machine learning,deep learning and other artificial intelligence technology is an important branch of research in the field of network security.As a means of detecting advanced threats,traffic analysis technology combines artificial intelligence,big data and other technologies to model traf-fic,analyze traffic behavior,identify and detect abnormal traffic,and provide important technical support for network administrators in network planning,network optimization,network monitoring,etc.The content of this dissertation is applying traditional statistical methods,deep learn-ing and reinforcement learning methods to the field of network traffic modeling and anomaly detection.The traffic model is the basic research work of anomaly detection based on traffic.Mastering traffic characteristics is a prerequisite to build robust,safe and reliable network.The traffic model helps to grasp the network traffic operating status,make traffic forecasts,and can carry out anomaly detection research on this basis.The main research content and contributions include:(1)Research on the application of statistical methods in the field of time series mod-eling represented by traffic,summarize a set of modeling procedures,which can be used to guide model selection,indicator design and model evaluation,and propose a hybrid model of machine learning and statistics.The degree of accuracy has increased by more than 10% for time series forecasting.An encrypted video stream recognition scheme is de-signed,and the nearest neighbor and dynamic time warping algorithm of the video stream is proposed.The experimental results show the effectiveness of the scheme.Based on the increase in the uncertainty of encrypted traffic,the entropy value is increased,and combined with the machine learning classification algorithm,an encrypted traffic iden-tification method is proposed.Compared with the traditional method,the method has improved the identification accuracy and other indicators by more than 10%.(2)After analyzing the performance of long and short-term memory networks,a deep learning flow model based on the fusion of attention mechanism and self-encoding and decoding is proposed.Compared with the existing model,the training time is shortened by about 80%.Based on the flow model,an anomaly scoring mechanism is designed and an attention-based anomaly detection model is proposed.This model combines the advantages of the attention network on the premise of ensuring the detection accuracy and other indicators,which greatly improves the efficiency of the model.The experimental results show that the accuracy of anomaly detection meet or exceed the existing model,the model training time is significantly reduced by around 80%.(3)Through the application of Generative Adversarial Neural Network(GAN)to the field of traffic modeling and anomaly detection,a traffic model based on GAN is proposed.This model overcomes the instability and other problems that are prone to GAN training and generates a high degree of simulation samples.Based on this model,an abnormal scoring mechanism is further designed to detect abnormal traffic.Experimental tests show the effectiveness of the model,and its recognition accuracy reaches or exceeds the existing model.(4)Through the research of the reinforcement learning framework of Asynchronous Advantage Actor and Critic(A3C),the network anomaly detection behavior is modeled,and the experimental tests on four benchmark data sets show that the detection accuracy,recall and F1 scores and other evaluation model performance indicators meet or exceed the current Some models.