
Research On Technology Of Intelligent Analysis And Detection For Data Flow Anomalies Based On Of Network Secure Access

Posted on: 2021-03-07
Degree: Master
Type: Thesis
Country: China
Candidate: C C Ma
GTID: 2428330623982242
Subject: Computer Science and Technology

Abstract/Summary:
Network security access is the security foundation for ensuring the confidentiality of the data and services of internal networks in important departments such as enterprises and institutions, and is an important support for network and information security. Sensitive data and key services of important departments are of great value in defense, military, and civil applications. At present, abnormal network behaviors such as facility destruction and data theft on internal networks are emerging. Therefore, it is necessary to study anomaly analysis and detection technology. Artificial intelligence methods such as machine learning and neural networks have broad application in network anomaly detection. However, existing intelligent anomaly detection technologies still have problems such as incomplete anomaly analysis, low detection rate, and low efficiency, and cannot meet the needs of deployment in actual network environments.

This thesis makes an in-depth analysis of three types of data flow anomalies: anomalies from external network access, anonymous visiting anomalies in the internal network, and anomalies with abnormal attribute association. It studies the technologies of multi-task fine-grained intelligent classification of encrypted network flows, intelligent detection of anomalies from external network access, and intelligent detection of anonymous visiting anomalies in the internal network. The main work includes:

1. Traditional network flow classification algorithms do not pay enough attention to the influence of flow characteristics, and the accuracy of multi-task classification is not high enough. To address these problems, multi-task fine-grained intelligent classification of encrypted network flows is realized by improving the KNN algorithm, designing a feature adaptive algorithm, constructing a flow feature candidate set, and designing a framework for flow classification. A feature-weighted KNN algorithm is proposed, which improves the accuracy of network flow distance calculation. A feature adaptive algorithm is proposed, which selects features and adjusts weights adaptively based on the classification target and training data rules. It solves the problem of low classification accuracy caused by feature engineering that is insufficiently constructed for the classification targets. A multi-task fine-grained classification algorithm for encrypted network flows is proposed. By analyzing the encryption status of network flows, the application types of encrypted flows, and the content types of encrypted flows, the basis of network flow pre-classification for anomaly detection is realized. The validity of the algorithm is verified through experiments.

2. Existing anomaly detection technology analyzes only single characteristics of the network flow, resulting in insufficient portrayal of network flows and weak anomaly detection. To address these problems, deep detection of anomalies from external network access is achieved through multi-dimensional flow feature design, hybrid neural network analysis, and accurate portrayal of network flows. A flow feature set oriented to the 3-dimensional characteristics of network flow is constructed. By designing a 7-dimensional single-flow packet sequence feature set, a 38-dimensional single-flow statistical feature set, and a 12-dimensional multi-flow environment feature set, a deep analysis foundation for flow portraits based on sequential, statistical, and environmental characteristics is realized. A hybrid neural network structure based on one-dimensional convolutional neural networks and dense neural networks is designed for deep analysis of the three-dimensional characteristics. An anomaly detection method based on the deep portrayal of flows is proposed, which improves the detection rate of anomalies. Experiments verify that the algorithm has a good detection effect on various external access anomalies.

3. Useful features of anonymous traffic are difficult to extract, and anonymous visiting behavior is difficult to analyze. To address these problems, an in-depth study of anonymous traffic is carried out, starting from the deep analysis of bursts, to achieve effective detection of anonymous visiting anomalies. A website fingerprinting analysis model for closed-world scenarios is proposed. Through automatic burst extraction, abstract burst learning, and in-depth burst analysis, effective analysis of website fingerprints is achieved. An open-world scenario model based on the random forest algorithm is designed. Through intelligent learning and analysis of the correlation between the dimensions of the fingerprint vector, the binary classification of anonymous visiting anomalies is improved. An anomaly detection framework is constructed. Through the in-depth analysis of website fingerprints and the effective learning of the fingerprint vector correlation, the overall detection of anonymous visiting anomalies is improved. Experiments verify that the model performs better than the other algorithms in terms of detection rate and efficiency.

4. To meet the needs of anomaly analysis and detection in network security access, an intelligent anomaly analysis system is designed through logic module design and overall system architecture construction. Core modules are designed, such as detection of anomalies from external network access, detection of anonymous visiting in the internal network, analysis of anomalies with abnormal flow attribute association, and comprehensive analysis of anomalies. Through the implementation of targeted detection of various anomalies, the overall detection is improved. A system framework based on data visualization is built. Through the effective coupling of logic modules and the scientific use of resources such as Django and Highcharts, the visualization of anomaly detection data is realized, which improves the analysis for network secure access. Through offline verification and real-time testing, the anomaly detection rate and delay of the system are analyzed to verify the feasibility and effectiveness of the system.
Keywords/Search Tags: network secure access, anomaly detection, intelligent analysis, machine learning, neural network, classification of encrypted network flow, analysis of anonymous network flow