Research On Identification Of Malicious Network Traffic

Posted on: 2024-04-23
Degree: Master
Type: Thesis
Country: China
Candidate: Y Sun
GTID: 2556307109977279
Subject: Cyberspace security law enforcement technology

Abstract/Summary:
With the popularity of the Internet, the network environment has become more complex. In recent years, with the frequent occurrence of network attacks, network security issues have become prominent. As the main carrier of information transmission and interaction, network traffic reflects the current state of the network. Obtaining effective information from network traffic, identifying malicious traffic, and responding to the corresponding malicious behavior are therefore important for maintaining network security. However, with the expansion of data size and the development of network technology, problems such as uneven data distribution, high dimensionality of traffic features, and difficulty of identification after encryption arise in the identification of malicious traffic. To address these issues, the main work of this thesis is as follows:

(1) To solve the problem of the uneven data set, the SMOTE-ENN sampling method is used to process the data set and is compared with other sampling methods. The results show that the model trained on the processed data set improves the average recall rate and the average F1 value significantly, and the LGBM model improves by an average of 10%. This verifies that the sampling method can effectively improve the sensitivity of the model to malicious traffic classes.

(2) To solve the problem of high feature dimensionality, a method that combines multiple feature selection methods is presented, and the optimal subset is selected by soft voting. The experimental results show that combining multiple feature selection methods can effectively reduce the training time of the model and improve its recognition ability. Compared with the mainstream machine learning models Random Forest and XGBoost and with other models mentioned in the literature, this model increased the average recall rate and the average F1 value by 6.6% and 10.7%, respectively, and reduced training time by 33.7% compared with the untreated LGBM model.

(3) To solve the problem that traffic is easily confused after encryption, a malicious encrypted traffic identification model that combines a one-dimensional Inception structure with ViT is presented. The two-dimensional convolution of the Inception structure is replaced with one-dimensional convolution, a pooling operation is added to reduce the dimension of the data, and the ViT model is fused in so that its multi-head attention highlights important features, which further enhances the distinctiveness of the features and improves the model's detection results. The results show that, compared with seven variant models and eight other existing models, this model has the best recognition performance, reaching 99.42% in average recall rate and 99.39% in average F1 value, and discriminates better between easily confused classes of malicious encrypted traffic.
Keywords/Search Tags: Malicious Traffic, Feature Selection, Voting, Inception Structure, Vision Transformer
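Item (2) of the abstract fuses several feature-selection methods by soft voting. The abstract does not name the selectors or their weights, so the following added example (not the thesis author's code) assumes three simple filter scores, equal weights, and constructed flow data, and shows how the averaged vote overrides a single selector that ranks a noisy feature first.

```python
import math
import random
from statistics import mean, pvariance

def minmax(scores):
    """Rescale one selector's scores to [0, 1] so selectors are comparable."""
    lo, hi = min(scores), max(scores)
    return [0.0 if hi == lo else (s - lo) / (hi - lo) for s in scores]

def variance_score(cols, y):
    """Unsupervised selector: population variance of each feature column."""
    return [pvariance(c) for c in cols]

def correlation_score(cols, y):
    """|Pearson r| between each feature column and the 0/1 label."""
    my = mean(y)
    sy = math.sqrt(sum((v - my) ** 2 for v in y))
    out = []
    for c in cols:
        mx = mean(c)
        sx = math.sqrt(sum((v - mx) ** 2 for v in c))
        cov = sum((a - mx) * (b - my) for a, b in zip(c, y))
        out.append(abs(cov) / (sx * sy) if sx and sy else 0.0)
    return out

def fisher_score(cols, y):
    """Squared class-mean gap over the summed within-class variances."""
    out = []
    for c in cols:
        neg = [v for v, lab in zip(c, y) if lab == 0]
        pos = [v for v, lab in zip(c, y) if lab == 1]
        spread = pvariance(neg) + pvariance(pos)
        out.append((mean(pos) - mean(neg)) ** 2 / spread if spread else 0.0)
    return out

SELECTORS = (variance_score, correlation_score, fisher_score)  # assumed set

def soft_vote(X, y):
    """Average the normalised scores of all selectors, per feature."""
    cols = list(zip(*X))
    votes = [minmax(sel(cols, y)) for sel in SELECTORS]
    return [mean(v) for v in zip(*votes)]

def select_features(X, y, k):
    """Indices of the k features with the highest fused score."""
    fused = soft_vote(X, y)
    return sorted(sorted(range(len(fused)), key=lambda i: -fused[i])[:k])

def make_flows(n=400, seed=7):
    """Constructed data: columns 0-1 informative, 2 loud noise, 3 constant."""
    rng = random.Random(seed)
    y = [i % 2 for i in range(n)]
    X = [[4 * lab + rng.gauss(0, 1), 3 * lab + rng.gauss(0, 1),
          rng.gauss(0, 3), 1.0] for lab in y]
    return X, y
```

On the constructed data, variance alone ranks the noise column first, while the fused vote keeps only the two label-dependent columns.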