
Research On Network Abnormal Traffic Classification Technology Based On Deep Learning

Posted on: 2023-01-14
Degree: Master
Type: Thesis
Country: China
Candidate: H T Li
Full Text: PDF
GTID: 2558306623979059
Subject: Computer Science and Technology
Abstract/Summary:
Active network attacks have become the mainstream attack method, and active network intrusion detection first needs to classify network traffic and identify the abnormal traffic related to attack behavior. Compared with traditional machine learning methods, network traffic classification based on deep learning has higher efficiency and accuracy. This paper studies network abnormal traffic classification technology based on deep learning. The main work and innovations are as follows:

1) To address the poor interpretability of existing network abnormal traffic classification models, a Stacked Convolutional Attention Network (STACON-ATTN) method based on the self-attention mechanism and the convolutional neural network (CNN) is proposed. Unlike plain CNN classification, this method integrates the self-attention mechanism into the CNN, which improves the interpretability of the CNN and enhances network anomalous traffic classification. The proposed model is experimentally validated on the publicly available NSL-KDD dataset for binary and multi-class classification, and the STACON-ATTN model is superior in accuracy, precision, and F1 score compared with the ANN, AlertNet, GoogLeNet, and ResNet-50 models.

2) In practice, a large amount of traffic data is unlabeled; unsupervised learning leads to a certain randomness in the output data, while supervised learning requires a huge cost for data labeling. To address this, a semi-supervised method based on the Gated Recurrent Unit (GRU) network, SEMI-GRU, is proposed. This paper introduces a semi-supervised loss, extracts the temporal features of the traffic, and uses a combination of supervised and semi-supervised learning to achieve network abnormal traffic classification based on a multi-layer bidirectional GRU. The method is evaluated on three publicly available datasets: NSL-KDD, UNSW-NB15, and CIC-Bell-DNS-EXF-2021. Compared with traditional machine learning models and deep learning models such as DNN and ANN, the SEMI-GRU method performs better in terms of accuracy, precision, recall, false alarm rate, and F1 score.

3) To enhance the stability and robustness of the model, this paper proposes ensemble models for network anomaly traffic classification based on the Bagging and Stacking integration strategies, respectively. Compared with the test results of the individual models, the proposed ensemble models show different degrees of improvement in accuracy, precision, recall, and F1 score, and reduce the false alarm rate. In comparative experiments on three public datasets under the experimental setting of this paper, the Bagging strategy is more applicable to the CIC-Bell-DNS-EXF-2021 dataset and the Stacking strategy is more applicable to the NSL-KDD dataset.
Keywords/Search Tags: Abnormal traffic classification, Self-attention mechanism, Convolutional Neural Network, Gated Recurrent Unit, Semi-supervised learning, Ensemble model