Research For Network Anomaly Detection Based On Deep Learning

With the continuous development of Internet technology,cyberspace resources are becoming an important information infrastructure of a country.However,cyberspace security is facing major challenges.Many lawbreakers use information technology to carry out cyber attacks against the interests of the country and the public in order to seek private interests..How to identify and stop the endless and ever-changing cyber attacks is both a national strategy and a social need.The primary task of this is to study effective network anomaly detection technologies.Anomaly detection technologies based on neural networks and deep learning are entering the vision of researcher.Most of these methods use network traffic or its feature set for anomaly detection,but there are also technical obstacles that limit the effectiveness of network anomaly detection.This article focuses on two aspects: first,how to rely on the original network traffic with temporal and spatial characteristics to improve the accuracy of anomaly detection;second,how to use the effective information provided by structurally missing data to ensure the network when the data used is incomplete Robustness of anomaly detection.Aiming at the above two problems,this paper designs two methods based on deep learning to apply to network anomaly detection.The main research contents and innovations of this paper are as follows:First,in order to make better use of the spatio-temporal features of network traffic data and the deep-level representation learning capabilities of deep learning,to achieve efficient and reliable network anomaly detection.This paper proposes a deep learning network anomaly detection model(DST-NAD)for network traffic.This article tries not to rely on the statistical characteristics of the network flow,but uses the raw byte data of the network flow to construct the network flow matrix as the input data of the deep learning network model.Reduce the complexity and workload of data preprocessing.The model uses the processed network flow matrix as the model input,and expands and amplifies the timing characteristics by delay embedding in the data packet dimension.After the network flow matrix is converted into a third-order tensor,the tensor neural network is used to perform multi-projection,and finally the convolutional neural network is used to deeply mine the internal information of the tensor after dimensionality reduction.Experiments and evaluations on two public data sets have confirmed the effectiveness of the DST-NAD model,which is superior to the existing methods in terms of comprehensive performance.Second,in order to solve some cases,there are certain structural missing data in the tensor data set of network anomaly detection,which affects the classification effect of the anomaly detection model.This paper proposes a network anomaly detection model for structural missing data(AMD-NN).This method does not simply delete and impute the original data,but extracts the data with non-missing subscripts in the original data,using tensor multi-projection method projects the structurally missing data to the common subspace,extracts multi-features,and then inputs it to the neural network for learning.Experiments and evaluations of the model were carried out on two data sets,which verified the usability of the AMD-NN algorithm.The performance of the model under different data missing rates can be more stable than the conventional filling method,and each evaluation index declines more slowly.