Cyberspace analysis capability is a new focus of national interests, and the discovery of threats is a primary issue in safeguarding cyberspace. Threat behavior is carried in network flow data and is often hidden through processing such as encryption, obfuscation, and camouflage, so detecting threat behavior in a complex network data stream is of great significance. With the rapid development of the social economy, network communication underpins people's intelligent production and life. The amount of network communication is increasing sharply, and the number of network devices continues to rise. Cyber security problems are becoming more and more critical. Therefore, it is essential to improve network communication security through defense, monitoring, and tracking for personal security, social security, and national security.

Network flow threat behavior detection is a vital threat behavior analysis method in weakly cooperative and non-cooperative network scenarios. It does not depend on other permissions and can complete data collection on any device and communication node. The leading network flow analysis technologies have some shortcomings, such as low analysis efficiency, poor mobility, complex data annotation, and low business interpretability, which make it challenging for them to meet these needs. Therefore, it is urgent to study the cognitive framework of network flow threat behavior from the standpoint of practical application and to consider the specific needs of different scenarios. This paper attempts to establish a network flow threat behavior analysis system with high accuracy, high efficiency, portability, and better interpretability based on machine learning algorithms, which improves the ability of threat discovery in the defense system.

The main work of this paper is described as follows:

Firstly, this paper proposes a network flow threat detection model based on model search. Aiming at the problems of low deployability and poor mobility caused by redesigning the network model for different background networks in the network flow threat detection scenario, this paper studies a network flow threat behavior detection model based on model search. An efficient and transferable framework for network flow data is designed through the network architecture search method. The proposed method can complete rapid migration and deployment in different application scenarios in cyberspace with diverse background networks and complex environments, and improves deployment in different network environments.

Secondly, this paper proposes a few-shot detection model for threat behavior detection based on deep features. In actual network security application scenarios, the number of samples of different types of abnormal and threatening behavior is very small, or far smaller than that of normal behavior, resulting in poor threat detection on unbalanced data. This paper studies a scheme of data augmentation and threat detection methods that combines convolutional neural networks, generative adversarial networks, and auto-encoder networks. The proposed method can improve threat detection accuracy in few-shot applications, which is significant for a natural network connection environment.

Thirdly, this paper proposes a cognitive model for network flow threat behavior detection based on multi-source fusion. Given the complexity and diversity of network flow data and the variety and rapid change of threat behavior, it is difficult to find a common rule, and it is not easy to obtain complete information from a single data source. This paper studies a multi-source fusion scheme for network flow data and business feature data to make network flow analysis more stable. Data fusion, feature fusion, and decision fusion realize the fusion of original network flow information and manually extracted feature information. The proposed method can improve the stability of the network threat analysis model, realize compatibility between the manually extracted feature data and the original network flow data, and combine manual experience with data features to improve the effect of threat identification.

Fourthly, this paper proposes a network flow cognitive analysis model for threat behavior representation. In view of the weak interpretability of current network flow analysis, this paper discusses the characteristics of different network behaviors, threat behaviors, and attack behaviors, studies the template construction method for threat behavior representation, and constructs an interpretable network flow analysis system by building a neural network layer by layer. The proposed method can be combined with business features and data distribution to analyze the characterization differences of different network threat behaviors. It provides a new idea for studying the mechanism of network threats.