
Design And Implementation Of Internet Malicious Traffic Identification Algorithm For Endogenous Security

Posted on: 2022-10-04
Degree: Master
Type: Thesis
Country: China
Candidate: J X Cai
GTID: 2518306332968289
Subject: Computer technology
Abstract/Summary:
The Internet was originally designed for use in a trusted environment; the design focuses on interconnecting networks and gives little consideration to network security. As the Internet has become more and more commercial, it faces serious security threats. Although "plug-in" security mechanisms can solve specific security problems, they make network protocols more and more bloated, which has motivated research on endogenous security networks. Network traffic security is an important direction of endogenous security. Identifying malicious traffic in network flows efficiently, accurately, at low cost, and with regard for user privacy is particularly critical. Focusing on endogenous security requirements, this paper analyzes the problems and difficulties of malicious traffic identification in current networks and puts forward corresponding solutions.

(1) To address the difficulty of obtaining data sets, this paper proposes a few-shot transfer learning method, EGF (EfficientNet Global Finetune). Using EfficientNet as the backbone model and global fine-tuning as the transfer learning method, this paper compares model weights pre-trained on different source-domain data sets, and randomly samples training sets of various proportions from the original data set, evaluating them on the same test set. On the USTC-2016 traffic data set, the EGF algorithm is analyzed in comparative experiments that use different source-domain data combined with training on a variety of target-domain data samples. The results show that EGF performs excellently, achieving 91.11% performance with 2% of the target-domain data.

(2) To address frequent updates of traffic data and models, this paper proposes an incremental learning method combining distillation learning and deviation correction, named DLDC (Distillation Learning and Deviation Correction). Network traffic is constantly updated, dynamic data, so malicious traffic identification should also be able to update dynamically as the data changes. The premise of incremental learning is to identify new categories accurately while minimizing the error rate on old categories. In this paper, an incremental learning method with distillation learning and bias correction is proposed to alleviate the impact of "catastrophic forgetting". The experiments show that DLDC can complete the model update with the model's performance reduced by about 3%.

(3) To address user privacy and data isolation, this paper proposes a federated learning method based on the PySyft framework, named Federal-EfficientNet. The original intention of federated learning is to protect users' privacy and data security. Without sharing the original data sets, each sub-model is trained separately on an independent data set. Finally, the weights and parameters of the models are merged and updated together. In this paper, Federal-EfficientNet is applied to malicious traffic detection. In the final experiment, a simulation of federated learning with 50 participants, the result is 13% higher than that of participants training alone with the same data set.

The above three research points address the problems of the malicious traffic recognition task in current networks and provide support for research on endogenous security.
Keywords/Search Tags:malicious traffic, transfer learning, incremental learning, federated learning