Research On Malicious Traffic Detection Based On Deep Learning

Posted on: 2023-04-17
Degree: Master
Type: Thesis
Country: China
Candidate: X Yang
Full Text: PDF
GTID: 2558307061950929
Subject: Computer technology

Abstract/Summary:
With the rapid development of the Internet, individual users, corporate users, and even key national industries face a variety of network attacks, and cyberspace security carries substantial hidden dangers. Malicious traffic detection is an essential prerequisite for preventing network attacks and has long been a research hotspot in network security. Traditional malicious traffic detection methods require feature engineering and suffer from low efficiency and low accuracy, while deep learning has excellent feature learning capability. It is therefore essential to study deep learning-based malicious traffic detection methods in order to improve the accuracy of malicious traffic identification and strengthen network security.

This thesis takes malicious traffic carrying network attacks as its research object and proposes a series of malicious traffic detection methods based on deep learning theory. First, a malicious traffic classification method based on an indefinite-length convolutional neural network is proposed to improve detection accuracy, addressing the problem that truncation or zero-fill operations either lose valid information or introduce invalid information. Second, because CNN training relies on a large amount of data and it is difficult to collect a large number of samples of new attacks quickly, this thesis further proposes a transfer learning-based classification method for few-shot malicious traffic, which achieves accurate classification of malicious traffic in a few-shot scenario. Then, to further reduce the algorithmic complexity of the malicious traffic classification model, this thesis improves the model with channel splitting and designs and implements a malicious traffic classification system.

The main research contributions are summarized as follows:

1. A convolutional neural network with indefinite-length input is designed, taking advantage of the property that the convolutional layer places no fixed-length requirement on the feature vector. To meet the fully connected layer's requirement for fixed-length vectors, the indefinite-length vectors are transformed into fixed-length vectors by global average pooling in the network, which finally achieves accurate classification of indefinite-length network traffic. In addition, multiple convolutional kernels of different sizes are used in the convolutional layer so that the model learns features that are better suited to differentiation. The model is evaluated on the CICIDS-2017 dataset. The experiments verify the validity of the indefinite-length input, and the model achieves 99.92% accuracy, which is 1.14‰ better than the state-of-the-art method using the same data set.

2. A few-shot malicious traffic classification method is designed using transfer learning. The mapping relationship between network traffic feature representation and classification weights is transferred using a weight learner, and the model's classification weights can be fine-tuned with only a small number of samples in the fine-tuning step to achieve better model performance. While maintaining the accuracy of the original malicious traffic classification, the method completes the classification of few-shot malicious traffic for the new categories. The classification accuracy for few-shot malicious traffic reaches 89.52%, an accuracy improvement of 8.40% compared with the method using the same dataset.

3. With the aim of reducing model complexity, this thesis further improves the malicious traffic classification model and designs and implements a malicious traffic classification system. Adding channel splitting to the traffic classification model reduces the complexity of the model. The experimental results show that the improved traffic classification model reduces the training time and prediction time of the model by 6%. Meanwhile, to classify malicious traffic more efficiently and intelligently, the system uses the indefinite-length convolutional neural network to classify malicious traffic of known categories. When new categories with only a small number of samples are added, it can quickly complete an update iteration of the model, improving the system's adaptability to complex network environments.
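The indefinite-length mechanism described in contribution 1, as an added example that is not code from the thesis: convolution accepts a flow of any length and global average pooling turns it into a fixed-length vector, whereas zero-filling changes the features and truncation hides bytes past the cut. The kernel sizes, filter count, the 784-byte comparison length, the random untrained weights and the sample flows are all assumptions constructed for illustration.

```python
import random

KERNEL_SIZES = (3, 5, 7)  # assumption: the abstract only says "different sizes"
FILTERS_PER_SIZE = 4      # assumption
FIXED_LEN = 784           # assumption: fixed input length used only for comparison

def make_kernels(seed=0):
    """Untrained random 1-D kernels, several per size (constructed weights)."""
    rng = random.Random(seed)
    return [[rng.uniform(-1, 1) for _ in range(size)]
            for size in KERNEL_SIZES for _ in range(FILTERS_PER_SIZE)]

def conv1d_relu(x, kernel):
    """Valid 1-D convolution + ReLU; the output length follows len(x)."""
    k = len(kernel)
    return [max(0.0, sum(w * x[i + j] for j, w in enumerate(kernel)))
            for i in range(len(x) - k + 1)]

def embed(flow, kernels):
    """Map a byte sequence of any length to len(kernels) features."""
    if len(flow) < max(KERNEL_SIZES):
        raise ValueError("flow is shorter than the largest kernel")
    x = [b / 255.0 for b in flow]
    feats = []
    for kernel in kernels:
        fmap = conv1d_relu(x, kernel)
        feats.append(sum(fmap) / len(fmap))  # global average pooling
    return feats

def pad_or_truncate(flow, n=FIXED_LEN):
    """Fixed-length preprocessing: zero-fill short flows, cut long ones."""
    return (flow + bytes(n))[:n]

# Constructed sample flows (not real traffic).
PREFIX = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
SHORT = PREFIX
LONG_A = PREFIX * 20 + b"tail-a"
LONG_B = PREFIX * 20 + b"X" * 64  # differs from LONG_A only past FIXED_LEN

if __name__ == "__main__":
    ks = make_kernels()
    print(len(embed(SHORT, ks)), len(embed(LONG_A, ks)))          # same size
    print(embed(pad_or_truncate(SHORT), ks) == embed(SHORT, ks))  # zero-fill effect
    print(embed(pad_or_truncate(LONG_A), ks) == embed(pad_or_truncate(LONG_B), ks))
    print(embed(LONG_A, ks) == embed(LONG_B, ks))                 # full-length view
```

A trained model would feed the pooled vector into the fully connected classifier; here the vector itself is inspected to show the effect of the preprocessing choice.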
Keywords/Search Tags: malicious traffic detection, convolutional neural network, transfer learning, traffic classification system