Multi-head Self-attention Based Multi-Feature Anomaly Detection And Classification Of Network Traffic

Posted on: 2022-01-23
Degree: Master
Type: Thesis
Country: China
Candidate: F Y T Huang
Full Text: PDF
GTID: 2518306482489394
Subject: Computer Science and Technology
Abstract/Summary:
With the development of the Internet and the emergence of new applications such as cloud computing, big data, and the Internet of Things, network security faces huge challenges. Anomaly detection and classification are effective means of protecting network security, but many problems remain in this line of research. First, because of the characteristics of the network environment, the amount of attack traffic in a network is limited, which inevitably leads to a serious imbalance between normal traffic and attack traffic. Second, most current research using machine learning methods requires manual feature selection. Although deep learning methods can learn features automatically without manual extraction, they suffer from a long-term dependency problem.

To deal with the imbalanced data distribution of the data set, overcome the drawbacks of manual feature extraction and long-term dependence, and improve accuracy, this paper proposes a network traffic anomaly detection and classification method based on a multi-head self-attention mechanism. The research is carried out on a resampled data set: the initial data set is sampled and reorganized to form a new data set with a balanced data distribution. The work is mainly divided into the following two points:

1. A resampling method that combines the cluster-based under-sampling technique CUT with the data-based over-sampling technique Borderline-SMOTE is adopted to solve the problem of data set imbalance. This resampling method reorganizes the original data set, whose distribution is unbalanced, into a new data set with a balanced distribution, which is then used for the subsequent research on the anomaly detection and classification model. The results show that the data set produced by this sampling method helps model training and improves the accuracy of model classification.

2. The multi-head attention mechanism is used to learn the correlation between multiple features, and an anomaly detection and classification model is designed that encodes and analyzes the extracted multi-feature correlation to perform anomaly detection and classification. Machine learning methods based on feature selection classify according to a limited number of features, which has certain limitations. The multi-head attention mechanism can learn the correlation between multiple features from a global perspective, which helps to identify complex and diverse attack traffic. Experiments show that the proposed model performs better than other methods.

The data set processed by the resampling technique is used to train and test the proposed model, which is compared with two other benchmark methods. The experimental results show that the proposed model achieves good results in anomaly detection and classification.
Keywords/Search Tags:anomaly traffic detection, network traffic classification, self-attentiveness, multi-feature correlation, feature selection