Research On Network Traffic Classification And Intrusion Detection Based On Deep Learning Methods

The Network Intrusion Detection System can detect suspicious network attacks and adopt a series of measures to protect network security to reduce user losses.Network traffic classification is the focus of the network intrusion detection task.It can judge the collected network traffic data and detect the traffic with attack behavior.Therefore,network traffic classification and intrusion detection are essential to protect network security.In recent years,with the emergence and development of machine learning and deep learning technologies,the effects of network traffic classification and intrusion detection have also been improved.However,the current traffic classification detection methods based on machine learning or deep learning still have problems such as poor classification and detection effects caused by the loss or damage of the original information of the flow data,poor classification effects of encrypted traffic,and unstable performance in different network traffic environments.Aiming at these problems in network traffic classification and intrusion detection and its research status,this paper proposes a more effective network traffic classification detection model and algorithm.The research work of this article mainly includes the following aspects:(1)Aiming at the problem of poor network traffic classification and intrusion detection effects caused by the loss or damage of the original information of the traffic data in the existing methods,this paper proposes a deep learning model that combines DAE,CNN and LSTM,called a hierarchical network model based on DAE-CNN-LSTM.On the one hand,an important feature of DAE for feature extraction is that it has the ability to reduce noise,so it can reduce the impact of the loss or damage of the original information of the flow data on the flow classification detection results.On the other hand,the model uses CNN and LSTM networks to extract the spatial and temporal features of the traffic data at the same time,so it can get richer flow information.Adding Gaussian noise to the flow data simulates the lack of original information.When the noise level is large(?=0.6),the flow classification accuracy of this model is about 16%higher than the existing CNN+LSTM model.(2)Aiming at the problems of poor classification effects of encrypted traffic and unstable performance in different network traffic environments in the existing methods,this paper proposes an algorithm model called a deep parallel neural network.In the process of deep learning,CNN model,LSTM model,CNN+LSTM model and a hierarchical network model based on DAE-CNN-LSTM are used respectively to adapt to different network traffic environments.The network traffic data are input into these four models respectively,among which the model with the highest accuracy rate is considered as the model most suitable for the current traffic environment,and this model will be the final saved model.Therefore,the deep parallel neural network model has the ability to adapt to different network traffic environments and can maintain good performance in different network traffic environments.In addition,because the deep parallel neural network model can automatically learn from the original traffic data without manual intervention and provide private information,this model is also effective in classifying and detecting encrypted traffic.