Deep Learning For Abnormal Network Traffic Detection

With the development of Internet of Things technology and communication technology,hardware and software facilities have grown rapidly.People are more and more used to communicating on the Internet,and they enjoy the convenient living that brought by network services,application software,website applications and other platforms all the time.However,hidden security risks in the network always threaten people's information security.Although people have proposed various protection mechanisms such as resource permission,encryption,or identity authentication in order to protect network security,attackers can always destroy network systems by illegal means and obtain the important information for users.Therefore,abnormal network traffic detection is very necessary as an additional protection method.Abnormal network traffic detection relies on the collection,filtering and analysis of traffic data at different times.Establishing a detection model for the interaction of these data can better understand the structure and dynamics of the network.In the past,time series anomaly detection based on deep learning was mainly modeled through spatial features or temporal features.Recently,in order to make better use of temporal and spatial features,a C?LSTM network structure model has emerged.This model first extracted spatial features through CNN,and then connected LSTM to extract temporal features.However,due to the structure stacking,the time features may be affected by the convolution operation,which makes the time dependence lost,and ultimately causes the LSTM to be unable to extract most of the time features in the time series;At the same time,the existing deep learning algorithms only analyzed the entire time series data to obtain the overall category,but cannot determine the category of the flow data corresponding to each time point in the time series.In response to the above two problems,this article proposes an improvement plan,the main innovative work is as follows:(1)As the existing series structure model destroys the time feature,the model expression ability is not strong,which affects the precision of abnormal flow recognition.We proposed a neural network model in this paper which is based on the parallel-series structure of a 2D?CNN,LSTM,1D?CNN and DNN.The model completes anomaly detection of network traffic by learning features at different levels of granularity.The parallel structure model is used in many research fields,but it is rarely mentioned in the anomaly detection task.In addition,this paper adds a 1D?CNN structure on the basis of the parallel structure of CNN and LSTM to further extract the local and global features of space-time features,so as to improve the expressive ability of the model.Moreover,the 1D?CNN has fewer model parameters,which will not increase the additional training burden or reduce the training speed.This paper verifies the feasibility and superiority of the method through the public data set.(2)Aiming at the problem that the existing anomaly detection methods cannot detect abnormal data points,we proposed a traffic anomaly detection method based on a fully convolutional neural network.We first convert the time series into grayscale images,put the abnormal pixels in the images as detection targets and take the normal pixels as the background to manually design the label set.Turn anomaly detection problems into target detection problems.Next,we classify the pixels in the grayscale image through a fully convolutional neural network to detect which pixel is normal and which is abnormal.Finally,through the deconvolution operation,the output classification results are restored into pictures.The restored grayscale image can not only determine the location of abnormal data points,but also determine what kind of attacks exist in the network according to the distribution of abnormal points.