
Research And Implementation Of Anomaly Detection Technology Of Network Traffic

Posted on: 2019-01-20
Degree: Master
Type: Thesis
Country: China
Candidate: G Q Bu
GTID: 2348330563453920
Subject: Computer system architecture

Abstract/Summary:
Network is essential to modern life. With the rapid development of Internet technology and the increasing complexity of network topology, network supervision is facing great challenges. In this environment, anomaly detection of network traffic is one of the potential technologies for network supervision, and it cannot be ignored in the fields of network intrusion detection, security monitoring, and operation and maintenance. Therefore, this thesis proposes an online anomaly detection method for network traffic based on a prediction model and a classifier, and implements the corresponding system based on this method. The primary work and contributions of this thesis are as follows.

(1) The related techniques of anomaly detection, neural-network-based prediction models, classifiers, etc. are studied, and an anomaly detection framework named LSTM-SVDD is proposed. This framework combines principal component analysis, LSTM-based time series prediction, a one-class classifier, and other techniques. The framework first trains the prediction model and the classifier with normal data. The trained prediction model then predicts the network traffic within a normal area. Finally, the deviation sequence is calculated and input into the one-class classifier, which checks whether the traffic is normal or anomalous.

(2) The time series of network traffic is predicted by the LSTM-based prediction model. This prediction model is trained on data of normal network traffic, so that its predictions stay in the normal area. During model training, the ADAM algorithm is used to optimize the gradient descent process. Tests of the prediction model show that its predictions are usable.

(3) Traffic is checked by an SVDD-based classifier of normal traffic. The deviation sequence between the prediction sequence and the actual traffic is input into this classifier for checking.

(4) Through the research and testing of the LSTM-SVDD anomaly detection framework, a prototype system is designed and implemented based on the framework. The system is divided into four function modules:

- the traffic collection and pre-processing scheduling subsystem, which reduces the dimension of the data by principal component analysis after traffic collection;
- the LSTM-based prediction model subsystem, which handles training, optimization, and traffic prediction of the model;
- the anomaly detection subsystem, which covers the training of the SVDD-based one-class classifier and the output of its anomaly judgement;
- the Web management subsystem, which is in charge of interaction with users.

The LSTM-SVDD anomaly detection framework can be used for online traffic anomaly detection with multiple feature dimensions or a single dimension. It is only necessary to train the prediction model and classifier with normal data sets of different feature dimensions. Experiments and system tests verify the availability and accuracy of the system and the framework.
Keywords/Search Tags: network traffic, anomaly detection, prediction model, one-class classifier, principal component analysis
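The train-on-normal, predict, deviation, one-class-check flow described in the abstract, as an added example that is not code from the thesis. It assumes a single feature dimension (so the PCA step is skipped) and uses labelled stand-ins: a seasonal-mean predictor in place of the LSTM and a fixed centre-and-radius sphere in place of a trained SVDD; all names and the traffic series are constructed.

```python
import math

PERIOD = 24  # constructed: samples per daily cycle

def make_traffic(n, spike_at=None):
    """Constructed sample: periodic traffic volume with small deterministic jitter."""
    series = [100 + 40 * math.sin(2 * math.pi * t / PERIOD) + ((t * 37) % 11 - 5) * 0.6
              for t in range(n)]
    if spike_at is not None:
        series[spike_at] += 120  # injected anomaly
    return series

def predict(series, t):
    """Stand-in for the LSTM: mean of the same phase in the two previous periods."""
    return (series[t - PERIOD] + series[t - 2 * PERIOD]) / 2

def deviation_windows(series, width=4):
    """Deviation sequence (actual - predicted) cut into sliding windows.
    Returns (end_index, window) pairs."""
    start = 2 * PERIOD  # first index with enough history to predict
    dev = [series[t] - predict(series, t) for t in range(start, len(series))]
    return [(start + i + width - 1, dev[i:i + width])
            for i in range(len(dev) - width + 1)]

class SphereBoundary:
    """Stand-in for SVDD: a fixed sphere around the normal deviation windows."""
    def fit(self, windows, margin=1.1):
        dim = len(windows[0])
        self.center = [sum(w[k] for w in windows) / len(windows) for k in range(dim)]
        self.radius = margin * max(self.distance(w) for w in windows)
        return self

    def distance(self, window):
        return math.sqrt(sum((a - c) ** 2 for a, c in zip(window, self.center)))

    def is_anomalous(self, window):
        return self.distance(window) > self.radius

def detect(normal_series, live_series):
    """Train on normal traffic only, then return end indices of anomalous windows."""
    model = SphereBoundary().fit([w for _, w in deviation_windows(normal_series)])
    return [t for t, w in deviation_windows(live_series) if model.is_anomalous(w)]

if __name__ == "__main__":
    print(detect(make_traffic(240), make_traffic(96, spike_at=80)))
```

With this stand-in predictor, an anomalous sample also feeds the predictions one and two periods later, so a longer live series would show follow-on deviations at those offsets.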