Research On Malicious Traffic Detection In Cyber Security

With the vigorous development of computer network and mobile communication technology,the Internet has been closely connected with people’s daily life.The increasing global Internet traffic not only promotes the rapid development of social economy,but also further intensifies the cybersecurity problems caused by malicious traffic.The proportion of malicious traffic in the whole network has increased year by year,which has seriously affected cybersecurity,it has not only caused huge losses to the global economy,also seriously threatened the national security.By using technical means to sense the network status,detecting malicious traffic in time and taking effective measures,the emergency response ability of network can be enhanced,the anti attack ability of network can be improved,which is of great significance to cybersecurity.Malicious traffic detection method is such an effective technology,which can detect malicious traffic in the network,it can provide an important technical basis for other sensing and processing methods.Most of the traditional malicious traffic detection technologies are based on machine learning,which need to build traffic feature sets and detection models artificially,and they are facing the risk of failure as the current needs of real-time intelligent analysis of traffic.Convolutional neural network(CNN)can automatically learn low to high-order features from the original net traffic data,and can build an effective model through the training set,it can well solve the problems of traditional machine learning methods,which is mentioned above.However,problems such as model storage and computational complexity limit the practical advancement of this technology.With the popularization of 5G technology and the comprehensive promotion of Internet of things,various application scenarios put forward higher requirements for lightweight and real-time performance of the model.On the premise of ensuring the accuracy of identification,reducing the complexity of the model and computing cost for malicious traffic identification has become an urgent problem to be solved,which can not only promote the practicality of the technology and realize real-time intelligent analysis of traffic,but also reduce the useless bandwidth of external communication and the energy consumption of embedded devices,it is of great significance to network information security.Therefore,this dissertation has carried out the following two aspects of research on malicious traffic detection technology based on CNN: the applicability of lightweight CNN to malicious traffic detection and hardware acceleration of CNN based malicious traffic detection.(1)Research on lightweight CNN model for malicious net traffic detection.Aiming at the problem of model complexity,the applicability of four CNN structures for malicious traffic detection has been researched.It is found that a smaller CNN named as MDNet has the same high recognition accuracy and strong model generalization ability.According to the model size and computational complexity,the effects of different convolution kernels and full connections on the test accuracy and model generation ability is studied,and a lightweight model named as MDNet-mini is designed.In addition,quantization technique is further used to reduce the storage space and the computational complexity of the model.All the above work provides a model basis for the subsequent research on malicious net traffic detection hardware acceleration,and establishes a clear research direction for the study.(2)FPGA based reconfigurable acceleration scheme for malicious net traffic detection.To solve the problem of data reading in convolution windows,a buffer configuration gating unit which can meet the needs of different convolution sizes is proposed,which can provide multiple convolution windows data read at the same time.Based on the characteristics of convolution weight sharing and full connection input sharing,a reconfigurable hardware acceleration circuit suitable for convolution and full connection computing is designed for the 8bit quantized MDNet-mini model.Aiming at the bandwidth bottleneck of off chip data reading,a block on-chip storage system is proposed.Through structure design and reasonable allocation of the on-chip storage resources,the loopback of computing data on-chip is realized,and the problem of data read-write bandwidth is effectively avoided.Finally,based on the above hardware design,a reconfigurable acceleration architecture for malicious net traffic detection is constructed.The reconfiguration of the model can be realized by updating the model parameters,also the reconfiguration of circuit functions and pipeline levels can be realized by loading different instruction parameters.The maximum data throughput of the reconfigurable hardware acceleration scheme can reach 742.6Mbps,which is 186 times and 31 times faster than CPU and GPU respectively.(3)Research on malicious net traffic detection and acceleration scheme based on XNOR-CONV.Aiming at the problem of test accuracy loss in binary neural network,a tentative malicious traffic detection method based on ternary input,weight/offset is proposed,which verifies the effectiveness of ternary technology in malicious traffic detection.The ternary of input,weight/offset effectively reduces the amount of calculation in convolution layer,which also has a certain compression effect on the model size.Based on this,a hardware acceleration circuit for malicious net traffic detection based on XNOR-CONV is designed.The peak data throughput of the hardware acceleration scheme for XNOR-CONV based malicious traffic detection can reach1194.6Mbps,which achieves 299 times and 50 times acceleration compared with CPU and GPU respectively.This work verify the advantage of the ternary model for hardware acceleration within the reasonable accuracy loss,which provides a reference for the further study of ultra-low precision quantification of the whole model parameters.The malicious net traffic detection technology based on lightweight CNN proposed in this paper has the characteristics of no manual design of feature sets and detection model,and its hardware acceleration scheme has high data throughput and can meet the needs of real-time intelligent analysis for network traffic,which has certain academic significance and application value for the next generation firewall technology and information security of Internet/Internet of things.