Multi-model Combination For Network Traffic Anomaly Detection

As an important means to ensure network security,network traffic anomaly detection is a hotspot in the field of network security.Most of the existing detection methods use machine learning to detect network traffic anomalies,but the traditional machine learning algorithms need to design features manually,which will lead to very high labor costs in the current big data environment.Because of its strong representation ability,deep learning can automatically extract features from massive and complex network data.This paper analyzes the methods of network traffic anomaly detection and deep learning,and studies the method of network traffic anomaly detection based on the multi-model combination.The main research contents of this paper are as follows:Aiming at the problem of low accuracy caused by the single network traffic feature extracted by a deep neural network,a hybrid feature extraction model based on the residual neural network and the bi-directional gated recurrent unit is proposed.The model can use a residual neural network to extract the spatial feature of network traffic data,use the bi-directional gated recurrent unit to extract temporal features of network traffic data,and mix the two features at the same time to enhance the expression ability of network traffic.The experimental results on various datasets show that the hybrid feature extraction model based on a residual neural network and the bi-directional gated recurrent unit is superior to the single deep learning method and machine learning method in performance.Aiming at the problem of partial information loss caused by cutting the traffic when the original traffic data,a multi-information fusion model based on a convolutional neural network and an autoencoder is proposed.The model uses a convolutional neural network to extract features directly from the original traffic data,uses an autoencoder to encode the statistical features extracted from the original traffic data,and the statistical features are used to supplement the information loss caused by clipping.These two features form a new comprehensive feature of network traffic.The combined new feature has the load information in the original traffic data and the global information of the original traffic data obtained from the statistical features,so it can more completely express the information contained in the network traffic.The experimental results show that the accuracy of network traffic anomaly detection based on this model can exceed that of the classical machine learning method.