Research On Network Abnormal Traffic Detection Method Based On Deep Transfer Learning

In recent years,network attacks become more and more frequent,and network security incidents break out one after another.Network traffic contains data-flow and control-flow information in network space,which can be used as a key basis to identify network attacks.For a long time,most researchers using traditional machine learning method and shallow deep learning method to detect abnormal network flow,but in the current network situation,this kind of method has the problem of low detection rate and high false positive rate,for the sake of accurate and effective detecting abnormal network flow,this paper puts forward the network anomaly traffic detection algorithm model based on Res Net-Bi GRU.Then,it is difficult to detect IPv6 abnormal network traffic because of the few domestic related research based on IPv6 anomaly detection and the difficulty of IPv6 data annotation.To solve this problem,this paper proposes a network abnormal traffic detection algorithm model based on deep domain adversarial transfer,applies the idea of transfer learning to IPv6 network traffic detection.The work of this paper mainly includes three aspects:First,in view of the uneven distribution of network traffic data and the problem of low detection rate of abnormal flow,this paper puts forward the network anomaly traffic detection algorithm model based on Res Net-Bi GRU.First,oversampling the data set using SMOTE algorithm,then add attention feature fusion(AFF)to strengthen the performance of convolution,afterwards using residual neural network(Res Net)and bidirectional gated recurrent neural network(Bi GRU)to explore the spatial feature and bidirectional scheduling of network traffic data set respectively.Experimental results show that the accuracy of the proposed model reaches 100% on NSL-KDD data set and92.23% on IPv4 data set.Compared with several deep neural network models,the proposed deep learning model is superior to other models in terms of accuracy and recall rate,which verifies the superiority and effectiveness of the model.Secondly,in view of the large amount of IPv6 network traffic data and the difficulty of annotation of data set,this paper designed a network anomaly detection algorithm model based on deep domain adversarial transfer.In the feature extraction stage of the algorithm,Res Net and Bi GRU are used to deeply extract network traffic features,then the adversarial training between feature extractor and domain classifier was realized through the gradient reversal layer.In the experimental stage,IPv4 data set is taken as the source domain and IPv6 data set as the target domain,then 54719 abnormal data are predicted in IPv6 data set which without abnormal fields.In order to verify the effectiveness of the algorithm in predicting new network attack modes,KDDTrain+ and KDDTest-21 in NSL-KDD dataset are used as source domain and target domain respectively for domain adversarial training.By comparing with several classical machine learning algorithms,the validity of the deep domain adversarial transfer anomaly detection algorithm is verified.Finally,the prototype system of network abnormal traffic detection is designed and implemented based on the deep domain adversarial transfer algorithm model.The system mainly realizes the user information management module and the traffic detection module,which focuses on the traffic detection module.The system determines whether the traffic is abnormal by the input IPv6 network data traffic information.If abnormal,the page will send an alarm.In the system test stage,this paper uses kdd＿cernet2v6 data set to test the system’s various functions.