Research On Network Abnormal Traffic Detection Technology Based On Deep Reinforcement Learning

In recent years,the network has developed in the direction of high speed and diversification,which has also driven the development of network applications in the direction of diversification.Due to the expansion of the network scale and the increase in the number of netizens,the activities of network attacks have increased significantly.Existing network attacks are good at hiding and disguising,and the detection capabilities of traditional methods such as signature-based detection,host-based detection,and network-based detection have failed,while network abnormal traffic detection technology,as one of the most effective security protection technologies,can effectively detect attack activities,and is also the main direction of current research.This thesis conducts research on the problems of unbalanced datasets,real-time detection,and resource consumption due to repeated training of complex models,as follows:1.A dataset generation method based on generative adversarial deep convolutional network is proposed to address the problem of low accuracy of malware traffic caused by unbalanced datasets.The method first performs data preprocessing to remove redundant features in the original traffic data,and then optimizes the preprocessed data and detects and classifies it through a generative adversarial deep convolutional network.The experimental results show that the method can effectively improve the F1-Score of Neris and Virut of malware traffic while improving the overall accuracy.2.Aiming at the difficulty of real-time online detection of complex models,a network abnormal traffic detection method based on semi-supervised deep reinforcement learning is proposed.In this method,the current network uses an autoencoder-deep neural network,the target network uses a deep neural network,and a greedy strategy algorithm is used to calculate the action at the maximum Q value.At the next moment,you only need to input the traffic features,predict its label through the K-means algorithm,then predict its Q value through the target network,and finally calculate the target Q value with the reward value and discount factor.The experimental results show that the method can also effectively detect in the environment where there are unknown attacks,and can meet the needs of real-time detection.3.Aiming at the problem of resource consumption caused by repeated training of complex models in a new attack environment,an abnormal traffic detection method based on deep transfer reinforcement learning is proposed.This method transfers the adversarial environment dueling double deep Q-network model parameters trained in the reinforcement learning stage to the fine-tuning stage,and implements fine-tuning of the target model.The experimental results show that the method can effectively reduce the model training and prediction time.In summary,this thesis first proposes a generative adversarial deep convolutional network solution for the data imbalance problem,and based on this,a semi-supervised deep reinforcement model for real-time online detection is proposed.Finally,in order to deal with the problem that the real-time detection model needs to be repeatedly trained in different attack environments,a deep transfer reinforcement learning model is proposed combined with the fine-tuning idea.