Research And Implementation Of A Semi-supervised Deep Learning Method For Malicious Traffic Identification

With the rapid development of communication and network technology,network traffic has shown explosive growth,and among these network traffic is often mixed with malicious traffic that threatens network security,how to timely detect and deal with potential malicious traffic has become an important goal to achieve network security in the Internet era.In recent years,the application of machine learning to malicious traffic identification has gradually become a research hotspot,but most of the existing machine learning-based malicious traffic detection methods use a large amount of tagged data for model training,i.e.the use of supervised machine learning methods to achieve the detection and identification of malicious traffic.However,labeling traffic data item by item is very costly and labor-intensive,and most of the labeled public datasets are very limited in size,making the trained models prone to overfitting and often underperforming in real-world network scenarios.At the same time,as more and more unknown attacks emerge,the original models need to be updated frequently to accommodate the detection of unknown attacks.In contrast,if unsupervised learning recognition methods are used,the lack of labelling data leads to the inability of the model to identify the specific type of attack application.Based on the above description,this paper proposes a semi-supervised deep learning approach to detect and identify malicious traffic.Firstly,a semi-supervised CNN and SAE model based on semi-supervised deep learning is designed,and a combination of pre-training and re-training is used to obtain a malicious traffic identification model based on semi-supervised deep learning by first pre-training with a large number of unlabelled datasets and then re-training with a small number of labelled datasets.Compared with the traditional AE model,the semi-supervised SAE model uses a random deactivation technique in the fully connected layer to avoid the overfitting phenomenon.Then the datasets IMTH2019 and CIC-IDS2017 were pre-processed respectively to obtain training and test datasets that meet the experimental requirements of this paper,and the pre-processed datasets were input to the semi-supervised model SAE for classification and recognition experiments,and compared with the semi-supervised model CNN for experiments,and finally found that the semi-supervised SAE model is more effective in traffic recognition,especially malicious traffic It is found that the semi-supervised SAE model has better performance than other semi-supervised learning models in the field of traffic identification,especially malicious traffic identification.Finally,based on the optimisation of algorithms and models,a malicious traffic monitoring system is designed to detect and alert malicious traffic that may occur in network traffic at any time.The system is equipped with the main functions of data collection,data analysis,traffic identification and data processing,and has developed a visual data display and alerting page.The performance testing of the system verifies that the system meets the design requirements and further validates that the algorithms and models proposed in this paper have strong practical value.