Anomaly Detection And Classification Of Network Traffic Data Based On Autoencoder Neural Network

With the development of network communication technology and the continuous expansion of network scale,network security will be vital significance.Anomaly detection and classification of network traffic data has become an important means of maintaining network security,it has received more and more attention and research in recent years.However,network traffic data anomaly detection and classification has problems such as large amount of data,unbalanced data distribution,and low accuracy of traditional anomaly detection and classification methods.Autoencoder is an important neural network in the field of deep learning.Because of its excellent feature extraction capability,it has been extensively studied for data anomaly detection and classification.This paper mainly focuses on the research of anomaly detection and classification of network traffic data based on autoencoding neural network for the above problems.The main research contents are as follows:(1)Aiming at the problem of large amount of network traffic data and poor anomaly detection performance,this paper proposes a network traffic data anomaly detection method combining Mahalanobis distance and autoencoder.Use the mean value and covariance matrix of the normal data in the training data set to calculate the reciprocal of the Mahalanobis distance of the data.Through the discrimination threshold,part of the normal data can be quickly identified to reduce the amount of training data;the reciprocal of the Mahalanobis distance is added to the characteristics of the data to improve abnormality detection performance.A multi-hidden-layer autoencoder neural network is proposed to improve the feature extraction capability of network traffic data;the autoencoder and the classifier are combined to avoid the risk of the network falling into a local optimum.Through experiments on CICIDS2017 and NSL-KDD data sets,the experimental results show that this method has better network traffic data anomaly detection effect than other methods.(2)In the network traffic data anomaly detection method combining Mahalanobis distance and autoencoder,the model construction is more complicated,and the unbalanced data set is not conducive to the training of the autoencoder neural network,so this paper proposes a network traffic data anomaly detection method based on the improved variational autoencoder neural network.An improved variational autoencoder with Mahalanobis distance metric is proposed to reconstruct and generate network traffic data with similar Mahalanobis distance,its feature extraction and data generation capabilities for network traffic data is beneficial to improve the anomaly detection performance.The variational autoencoder combined with the classifier is used to construct the variation autoencoder neural network,the construction of the model is relatively simple.In order to reduce the impact of the unbalanced data set,the weight of each item in the cross-entropy loss function of the self-encoding neural network is adjusted.Finally,through related experiments on the CICIDS2017 and NSL-KDD data sets,this method further improves the effect of network traffic data anomaly detection.(3)In order to reduce the impact of unbalanced data sets on network traffic data classification and improve the classification accuracy,this paper proposes a network traffic data classification method based on conditional variational autoencoder.The conditional variational autoencoder is used to generate specific category data to balance the training data set,so that the classification network can obtain a better training.Adding Mahalanobis distance to the data features is conducive to improving the performance of network traffic data classification.Construct a conditional variational autoencoder used to combine classification network,and its inference network is combined with classification network to construct a network traffic data classification model.Experimental verification was carried out on the CICIDS2017 and NSL-KDD data sets.The experimental results show that the classification model has a better classification effect on network traffic data than other methods.