Research And Implementation Of Trojan Traffic Detection System Based On Deep Learning

With the advent of the information age,the speed of the Internet become faster and faster.When people browse websites,emails,videos and other applications,lawbreakers use malicious Trojans embedded in them to obtain user information,control user computers and destroy user data and other illegal acts,which greatly damage the healthy development of the Internet.The detection and identification of Trojans are becoming increasingly important.In recent years,with the development of deep learning technology,it is possible to identify Trojans by transforming Trojan traffic into vector forms such as pictures into deep learning network.Many new methods and technologies to detect Trojan traffic have emerged,and they have been applied to the real traffic identification.Nowadays,the mature Trojan detection technology is mainly based on program signature,host behavior and network behavior.These three detection methods have different disadvantages:(1)the detection method based on program signature depends on the collection and analysis of static Trojan samples,with a time lag.(2)The detection method based on host behavior has the problem of occupying host resources.(3)the detection method based on network behavior mainly depends on the feature extraction of Trojan horse,which has the problem that the feature extraction is not accurate enough.Nowadays,the research of Trojan detection mainly focuses on the research based on network behavior,among which the research based on traditional machine learning method is more extensive.In the research,there are many problems,such as the human can not mark all traffic,a large number of unmarked traffic is not used.In order to solve the above problems,this paper introduces deep learning technology to solve the problem of inaccurate feature extraction,and combines semi-supervised deep learning with Trojan traffic detection to use a large number of unlabeled network samples for model training.Among them,the mean teacher model,which is more excellent in the field of semi-supervised deep learning,is used to improve the recognition rate by setting two deep learning networks,students and teachers,so that they can train at the same time.In addition,this paper also improves the mean teacher model to improve the generalization performance of the model,and proposes the virtual adversarial mean teacher model.Through the combination of virtual confrontation training model and mean teacher model,we can achieve better detection and classification effect.Finally,this paper also designs and implements a Trojan intrusion detection system,which applies the theoretical model to the actual traffic detection and achieves good results.