Research On Parallel Network Traffic Anomaly Detection Method Based On Deep Neural Network GRU

In the current large-scale complex network environment,network traffic anomaly detection has been one of the most active research branches in the field of network security.It can detect traffic data in the network and find abnormal network activities in time,so as to make early warning.It is the key technology to ensure network security.With the rapid development of information network technology,the types of networks are gradually diversified,and the scale of the network is also expanding.A huge challenge,how to improve the accuracy and efficiency of network traffic anomaly detection has become a hot research topic in this field.Therefore,the paper uses selflearning GRU(Gated Recurrent Unit)neural network and Spark technology to achieve high precision and high efficiency detection of network traffic anomalies.The main research work of this paper is as follows.Aiming at the network traffic data in large-scale and complex network environment is characterized by massive,multi-source and time-dependent characteristics,a parallel network traffic anomaly detection model and method based on GRU and Spark are proposed.The system model is hierarchically divided into network traffic data collection layer,network traffic data preprocessing layer,network traffic anomaly detection layer and application service layer.The core of network traffic anomaly detection layer is to design a parallel network traffic anomaly detection method based on GRU.This method uses GRU network as the detection model to learn the timedependent pattern of network traffic,and realizes the high-precision network traffic anomaly detection under the long-term dependence scenario.Moreover,the whole model greatly improves the efficiency of anomaly detection by virtue of the parallel advantages of Spark technology.Finally,based on the proposed model,the corresponding prototype system is implemented and its effectiveness is verified.Considering the individual differences between the parallel GRU training models,which will lead to the decrease of overall detection accuracy,an integrated learning algorithm Bagging is introduced to improve the parallel GRU network traffic anomaly detection method,and an improved parallel GRU network traffic anomaly detection method(PB-GRU)based on Bagging is proposed.The Bagging algorithm trains the GRU model by parallel fitting,and uses the model averaging method to reduce the mean square error between GRU training models,improve the generalization error,and the detection accuracy of integrated GRU detection model.The experimental results show that,compared with other common methods,the proposed method reduces the mean square error of the integrated detector to a very low level(0.0178),and has higher detection accuracy and efficiency.In view of the large amount of redundancy in network traffic characteristics and the complex and time-consuming process of GRU network parameter adjustment,a GA-based optimization method for GRU parallel network traffic anomaly detection(PG-GRU)was proposed.This method first uses genetic algorithm to select and reduce the input characteristics of traffic data,so as to reduce the burden of GRU detector.Then,the network parameters of GRU are automatically optimized by GA,and the optimal parameters are used to train a high-quality detection model to ensure the abnormal detection accuracy of network traffic.The experimental results show that compared with other common methods,the proposed method has greatly improved the accuracy and efficiency of network traffic anomaly detection.