
Design And Implementation Of Traffic Anomaly Detection System For Business-critical Network

Posted on: 2022-10-06
Degree: Master
Type: Thesis
Country: China
Candidate: Y S Zhang
GTID: 2518306332967079
Subject: Computer technology

Abstract/Summary:
In recent years, with the rapid development of science and technology, critical information infrastructure, as the most important infrastructure, has become an indispensable part of people's daily life and work. The information and data transmitted and stored in business-critical networks carry huge economic value, so many cyber attackers deliberately seek the potential benefits of business networks, and business-critical networks face huge security threats. There is an urgent need for effective abnormal traffic detection methods that raise alarms on network security events, quickly and accurately detect and analyze the network's operating status, and find the root cause of an abnormality, so that attacks are prevented from causing more serious damage to the business-critical network.

A traffic anomaly detection system for business-critical networks must meet three requirements: high accuracy, low false alarm rate and high efficiency. This thesis therefore proposes a traffic anomaly detection method that combines information entropy with LSTM. First, the traffic is screened by calculating the information entropy of the selected features; the resulting entropy value is compared with a set threshold to obtain a rough judgment. If suspicious traffic is detected, LSTM is used for in-depth detection: the suspicious traffic sequence is predicted through LSTM, and the predicted value is compared with the actual value to decide whether the suspicious traffic is attack traffic. Information entropy reflects obvious changes in the network and quickly finds and locates network anomalies, while LSTM is well suited to modeling and predicting network behaviors with a fixed working sequence. The two algorithms complement each other to a large extent and overcome the disadvantages of high false alarm rate and low detection efficiency. The CICIDS2017 dataset is used to evaluate the traffic anomaly detection method. Experiments show that the method largely achieves high-efficiency detection of abnormal traffic, which confirms its feasibility and accuracy.

Based on the verification results of the above traffic anomaly detection method, this paper designs and implements a traffic anomaly detection system for the business-critical network. A detailed introduction to the system's overall architecture, the composition of its functional modules and the implementation of each module presents the design ideas and implementation process of the entire system from the whole to the part. On this basis, the functions of the system are verified through simulation experiments and its detection performance is evaluated. The simulation results demonstrate that the system largely meets the requirements of high accuracy, low false alarm rate and high efficiency in traffic anomaly detection for business-critical networks.
Keywords/Search Tags: business-critical network, anomaly traffic, anomaly detection, information entropy, LSTM
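
The first-stage entropy screen described in the abstract, as an added example that is not code from the thesis. The feature choice (`src_ip`, `dst_port`), the 0.2 deviation threshold, the clean-window baseline and the sample flows are assumptions constructed here; the windows it flags are the ones that would go on to the LSTM stage, which is outside this example.

```python
import math
from collections import Counter

FEATURES = ("src_ip", "dst_port")  # assumed feature choice; the abstract does not name them
THRESHOLD = 0.2                    # assumed allowed deviation from the baseline entropy

def normalized_entropy(values):
    """Shannon entropy of the observed values, divided by log2(n) so it lies in [0, 1]."""
    n = len(values)
    if n < 2:
        return 0.0
    h = -sum((c / n) * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)

def window_entropy(flows):
    """Entropy of each selected feature over one time window of flow records."""
    return {f: normalized_entropy([flow[f] for flow in flows]) for f in FEATURES}

def build_baseline(clean_windows):
    """Mean per-feature entropy over windows known to be attack-free."""
    per_window = [window_entropy(w) for w in clean_windows]
    return {f: sum(e[f] for e in per_window) / len(per_window) for f in FEATURES}

def screen(windows, baseline, threshold=THRESHOLD):
    """Return (index, deviating features) for every window that needs in-depth detection."""
    suspicious = []
    for i, flows in enumerate(windows):
        entropy = window_entropy(flows)
        off = sorted(f for f in FEATURES if abs(entropy[f] - baseline[f]) > threshold)
        if off:
            suspicious.append((i, off))
    return suspicious

# Constructed sample traffic: 40 flows per window.
def normal_window():
    return [{"src_ip": f"10.0.0.{i % 8 + 1}", "dst_port": (443, 443, 443, 80, 53)[i % 5]}
            for i in range(40)]

def scan_window():   # one source touching 40 different ports
    return [{"src_ip": "10.0.0.99", "dst_port": 1000 + i} for i in range(40)]

def flood_window():  # 40 sources hitting a single port
    return [{"src_ip": f"198.51.100.{i + 1}", "dst_port": 80} for i in range(40)]

if __name__ == "__main__":
    baseline = build_baseline([normal_window() for _ in range(3)])
    for index, features in screen([normal_window(), scan_window(), flood_window()], baseline):
        print(f"window {index}: suspicious, entropy shift in {features}")
```

A scan pushes destination-port entropy up and source-address entropy down, while a flood does the opposite, so the screen compares the deviation from the baseline in both directions.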