Research On Network Traffic Anomaly Detection Methods Based On Deep Learning

The popularity of mobile Internet is accompanied by a large number of network security issues,many new types of network attacks emerge in endlessly,and network crisis events occur frequently.China's Internet security situation is still grim.How to deal with network attacks and ensure network security is one of the issues we need to study urgently.In the face of the ever-changing attack methods,traditional network traffic anomaly detection methods no longer applicable to the current network environment.Traditional network traffic anomaly detection methods rely too much on the manual selection of features,which lack self-adaptability and have low accuracy in the face of new types of anomaly.And when in the face of massive high-dimensional traffic data,it is difficult to for them to effectively extract the key features to meet the real-time detection requirements of the system.By the way,network traffic data mostly have the problem of unbalanced distribution between classes,making the model detection effect has a large bias,and the detection effect is poor for class with a small number of samples.In recent years,deep learning has become an effective scheme for network traffic anomaly detection because of its excellent performance in processing complex and large-scale data and extracting the inherent characteristics of traffic data.To address the shortcomings of existing network traffic anomaly detection models,such as difficulty in handling massive and high-dimensional imbalance data,high false alarm rate and leakage rate,and poor real-time detection,a series of deep learning-based network traffic anomaly detection methods are proposed in this paper,and the main contributions include the following:(1)This paper proposes a traffic data feature extraction method based on deep learning theory using Stacked Sparse Autoencoder(SSAE).SSAE is used to realize the nonlinear mapping from high-dimensional features to low dimensional features of network traffic,which is suitable for high-dimensional feature classification task in massive data environment.The experimental results on the UNSW-NB15 dataset show that the optimized SSAE can effectively reduce the data dimensionality without losing the amount of information among the original traffic data,and reduce the resource consumption while maintaining a high detection rate of the classifier.(2)To address the problem of unbalanced distribution of network traffic datasets,this paper uses Synthetic Minority Oversampling Technique(SMOTE)to process the original traffic datasets and adjust the distribution balance of traffic data sets between classes.The experimental results show that using SMOTE to oversample the training data can effectively improve the F1-score of the network traffic anomaly detection model,which means the precision and recall of the model have reached a good balance,and also can reduce the FNR of the model.(3)This paper also integrates attention mechanism into deep learning network,and proposes a network traffic anomaly detection model based on multi-layer attention mechanism.The results on the experimental dataset show that the detection accuracy of the model is as high as 98.68% and the false alarm rate is only 1.32%,both of which exceed similar methods.Finally,the effectiveness of the multilayer attention mechanism on traffic feature selection is visually demonstrated through visualization,which helps future work on network traffic feature selection.