Research On Botnet Detection Dased On GAN-LSTM

While enjoying the services and technologies brought by the times and the continuous development of the network,it also faces various problems and challenges brought by the changes of the network development era.Botnet is one of the most prominent,which can carry out theft,invasion,remote operation of broiler and other attacks.It is an inevitable choice to detect and identify botnets by network traffic earlier and faster than to monitor infected hosts through network traffic rather than monitoring infected hosts knowingly.The main work of this thesis is as follows:1.The long-term and short-term memory network is used to replace the neural network model commonly used in botnet recognition,and the long-term and short-term memory network is used to learn the spatiotemporal correlation between different network traffic.Botnet hosts usually connect to botnet servers continuously to obtain instructions.When they perform preset functions,their behavior patterns will converge with other controlled botnet hosts.So its network connection will show periodicity and repeatability.2.The thesis introduces the generation of countermeasure network,increases the number and types of samples,improves the detection ability of classification model on botnet.The output of classification model changes from normal,abnormal to normal,abnormal and false.3.The long and short-term memory network model is introduced as the classification model in the generation of the counter network,and the effect of two kinds of deep learning network superposition is studied.4.The integrated iscx botnet data set is used,including isot data set,IDS intrusion detection data set,DDo S distributed denial attack data set and botnet traffic in malware capture project.At the same time,there are nine more types of zombie traffic in the test set than in the training set to ensure that the test set can evaluate the detection ability of the model for location traffic.5.The network packets of data set are reorganized into network flow,and on this basis,13 kinds of characteristics are re selected from the basic characteristics of flow,communication characteristics,popularity characteristics and other aspects.The repetitive features are combined and the redundant features are discarded,reduced 4dimensions from 17 dimensions and reduced complexity by 23%.According to the above contents,this thesis recombines the data set,reorganizes the data package,designs the contrast experiment,compares and analyzes the GAN LSTM model and the general neural network model,and verifies the solution.The experimental results show that the detection accuracy of using long-term and short-term memory network instead of artificial neural network is 82.65%,which is6.9% higher than that of artificial neural network.With the addition of the generated sample training,the detection accuracy is improved by 0.93%,which shows the additive effect of the generated model.The experiment has reached the expectation.