| Network traffic anomaly detection is an important research content in the field of network security management.By analyzing network traffic,manager can assess the health of network environment and provide early warning and prevention of anomalies and attacks.In particular,it provides practical and effective guidance for the identification and classification of network traffic anomalies.This paper identifies and classifies abnormal traffic caused by web attacks based on the HTTP protocol.A new analysis perspective is proposed,that is,analyzing external parameters of network traffic packets that do not involve content,in order to identify and distinguish the traffic anomalies caused by the two kinds of web attacks.The required external parameters are obtained through a series of pre-processing and selection tasks.From this point of view,this paper proposes two kinds of analysis models,one is the classification method based on wavelet decomposition to extract energy features,the external parameters are regarded as signals and using wavelet function to decompose and extract energy-related features and use the features as training data of classifiers.One is based on the autoencoder compression and extraction feature to do classification,the external parameters are sent to the built autoencoder deep network,the expression features learnt from the deep network and the features are sent into the classifier for training and prediction.Through qualitative and quantitative experiments and comparative experiments,both methods can obtain good classification performance,and the classification accuracy is above 88%,especially the classification method based on wavelet decomposition to extract energy characteristics,and the classification accuracy reaches 91%.It proves that the network traffic anomalies caused by two kinds of web attacks can be recognized and classified effectively through the method proposed in this paper,and this method also has certain reference in the analysis of network traffic. |
PDF Full Text Request