| With the rapid development of Internet technology and the application of cloud computing,big data,artificial intelligence and other new network technologies,network traffic is increasing day by day,followed by the interweaving of traditional and new security issues.The increasingly severe security situation not only hinders the development of cyberspace,but also poses a great threat to economic operation,social development and national security.The report to the Party’s 20th National Congress states:"We must unswervingly implement the overall concept of national security,integrate the maintenance of national security into all aspects of the work of the Party and the state,and ensure national security and social stability." Therefore,accurately and efficiently identifying and preventing complex and changeable cyber attacks has become an urgent need to maintain social stability and safeguard national security in the information age.As an important means to maintain the security of the network space,network traffic anomaly detection can monitor,trace and analyze the suspicious traffic and behavior in the network in real time,and then identify the attack behavior in the network timely and accurately,and implement the corresponding blocking measures.In recent years,as deep learning has gained prominence in fields such as text and image processing,researchers have begun to try to apply it to anomaly detection on the web.Deep learning overcomes the traditional shallow learning methods that rely too much on prior knowledge and can realize end-to-end detection.Therefore,it has gradually become a mainstream detection method.In this paper,the deep learning method is used to explore the problems of network anomaly detection,focusing on the construction of the traffic detection model and the recognition of traffic characteristics,to contribute to the construction of our network security environment and the implementation of the strategy of network power.The main contributions of this paper are as follows:(1)To address the problems of over-complexity and low recognition accuracy of existing models,a supervised traffic anomaly detection model DSCNA(Depthwise Separable Convolution Network in Network Attention)based on depthwise separable convolutional network in network and attention mechanism is proposed.The model uses depthwise separable convolution instead of traditional convolutional networks,which greatly reduces the number of parameters required for the model.The channel-space attention module is inserted into the model to further extract refined features,and achieves a lightweight model while ensuring recognition accuracy.The effectiveness of the proposed model is confirmed by a series of experiments and evaluations on two publicly available datasets.(2)Aiming at the problems of high dependence of existing models on data labels and the tendency to ignore key information during feature extraction,an unsupervised traffic anomaly detection model,Stacked Denoising Autoencoder Gaussian Mixture Models(SDAE-GMM),is proposed,which prevents overfitting by Stacked Denoising Autoencoder adds noise to prevent the phenomenon of overfitting,while combining the feature dimension reduction of Stacked Denoising Autoencoder with the density estimation process of Gaussian Mixture Models to improve the feature learning capability and robustness of the model based on unsupervised learning,further enhancing the generalization and applicability of the model.(3)In order to further verify the practicability of the proposed method and promote the practical application of the deep learning model in the field of network security,a network traffic anomaly detection system is designed and implemented.After the requirements analysis and architecture design,the constitution and implementation of each module of the system are described in detail,and the test results of the system are visually displayed.The system can effectively detect abnormal behaviors in the network and help security personnel to grasp the current network situation. |
PDF Full Text Request