Research And Implementation Of Anomaly Network Traffic Detection Technology Based On Transfer Learning

With the frequent occurrence of network security events,network security has been paid more and more attention.As an important part of network attack identification and detection,network traffic contains data flow and control flow data in network space,which can be used as an important basis to identify network attacks.At present,the network anomaly detection technology based on machine learning algorithm is a fast developing field,but these methods often do not take into account the changes in network environment and the development of network attack means,as a result,the algorithm model using open source network anomaly traffic data set or existing network traffic training appears obvious effect drop when it is deployed to the target environment.Aiming at this phenomenon,this paper applies transfer learning to the research of network anomaly traffic detection technology.First of all,aiming at the small gap between the source domain and the target domain,this paper proposes a anomaly network traffic detection algorithm based on fine-tuning domain adaptive network,which achieves knowledge transfer through step-by-step process of expanding the similarity between domains and learning knowledge from the source domain network traffic.The AUC value of the transfer experiment from KDDTrain+to KDDTest-21 is 88.17%,which proves that the proposed algorithm is better than traditional machine learning algorithm and classical TCA algorithm.The training process and network structure of domain adaptive network based on fine-tuning is relatively simple,training time and computational effort requirements are low,but it is difficult to deal with the big difference of traffic data distribution scenarios,suitable for the source domain and the target domain in the network traffic data distribution gap is small situation.Then,beyond-sharing parameters adversarial domain-adaptive network is proposed for the situation where there is a big gap between the source domain and target domain.In the same training process,the algorithm expands the similarity among the domains and learns knowledge from the traffic of the source domain;The beyond-sharing parameter design of the feature mapping network preserves the domain-specific features that are useful for traffic label recognition.In the experimental part,the transfer experiments from CIC-IDS-2017 to CSE-CIC-IDS-2018 datasets are designed and the comparative experiments based on traditional machine learning algorithm and classical migration learning algorithm TC A are set up,the AUC value of the proposed algorithm has been improved by up to 30%.The beyond-sharing parameters adversarial domain-adaptive network can both learn the general features and retain the domain-specific features,but the adversarial training process is complicated,the number of network parameters is large,and the training time-consuming and calculating force are required.At last,the prototype system of network anomaly traffic detection is designed and implemented,and the algorithm model of beyond-sharing parameters adversarial domain-adaptive network is deployed through modular component functions.