Traffic Analysis And Anomaly Detection Applications For Network Interaction

Posted on: 2020-01-25
Degree: Master
Type: Thesis
Country: China
Candidate: Q Z Yuan
Full Text: PDF
GTID: 2438330623464240
Subject: Computer technology
Abstract/Summary:
With the rapid development of Internet technology, the scale of the network and the size of the user community continue to expand, and the Internet has become an indispensable part of people's daily lives. While people enjoy the convenience brought by the Internet, cybersecurity incidents are increasingly threatening daily life. Computer viruses, privacy leaks, hacker attacks and other malicious incidents occur frequently, causing varying degrees of loss to the state, enterprises and individuals. At the same time, as Internet technologies continue to develop, new types of attacks keep emerging, making the network security situation even more severe. As one of the most important defense technologies in the field of network security, network traffic anomaly detection plays an important role in ensuring the normal operation of the network and maintaining the security of cyberspace. Most traditional anomaly detection methods rely on manually designed and extracted traffic features, and suffer from problems such as a high false positive rate, low accuracy in multi-class detection, and poor generalization ability. In this context, this thesis studies traffic analysis and anomaly detection applications for network interaction, in order to effectively detect and distinguish the various kinds of abnormal attack traffic in the network. The main work is as follows:

(1) Analysis and feature extraction of network traffic. There are two sources of traffic data in this thesis. One is the benchmark data set NSL-KDD from the field of anomaly detection, which is used to verify the feasibility of the proposed method for traffic anomaly detection. The other is the original traffic data set IDS2017 provided by the Canadian Cyber Security Institute; after parsing the original traffic packets and analyzing the traffic features, the thesis extracts 75-dimensional features and constructs a new traffic data set with timing features to verify the effectiveness of the proposed method.

(2) Design of an anomaly detection model based on attribute association within sequences. In view of the advantages of convolutional neural networks in image feature extraction, this thesis treats a traffic sequence as a special kind of image data with only one dimension, and uses a one-dimensional CNN to implement the proposed anomaly detection model, so as to effectively learn the attribute associations of traffic sequences.

(3) Design of an anomaly detection model based on temporal superposition between sequences. In order to make better use of the temporal characteristics of network traffic, this thesis uses an improved Long Short-Term Memory (LSTM) network to implement the proposed anomaly detection model, which learns not only the characteristics of individual traffic sequences but also the timing characteristics between traffic sequences, to achieve accurate detection of abnormal traffic for different attack types.

(4) Performance verification of the two anomaly detection models. Using the self-built abnormal traffic data set, the above two models were trained and experimentally verified under different network structures. The experimental results show that, compared with several commonly used machine learning-based methods, the two models proposed in this thesis can better learn the features of traffic, improve the detection accuracy of abnormal traffic, and reduce the false positive rate. It should be pointed out that the proposed improved LSTM model achieves the best detection performance in the experiments by learning the timing characteristics between flows.
Keywords/Search Tags:Traffic analysis, Anomaly detection, Attribute association, Temporal superposition