Research On Network Traffic Anomaly Detection Method Based On Dcgan And Transformer

With the rapid development of information technology,smart devices have penetrated into people’s daily life,which has greatly improved people’s life quality and office efficiency.The Internet brings great convenience at the same time there are also many potential safety problems,some criminals use loopholes in the network transmission process or virus software to carry out network attacks for their own interests,which seriously endangers the interests of the country and the people.Abnormal traffic tends to exhibit certain abnormal traffic characteristics.Therefore,establishing effective network traffic detection mechanism is an important means to ensure network security.This thesis conducts an intensive study on how to accurately detect abnormal network traffic,the main research contents include the following two aspects:(1)A network traffic anomaly detection model Trans-M based on improved Transformer is proposed.The Transformer model is better at dealing with long-term dependencies between sequence elements,but relatively weak in local feature information perception.Therefore,In order to detect network traffic anomaly information more efficiently.Trans-M uses the dilated convolution with different dilation rates to increase the receptive field area.and uses the Patch segmentation algorithm based on SoftPool to process the features from different regions.Thus,the Patch segmentation quality is improved and a more expressive Patch embedding representation is obtained.Considering the information loss after Patch segmentation.Trans-M fuses the patches of different receptive fields through the multi-receptive field fusion algorithm based on Encoder to effectively extract the local feature information in the data.and combine it with the global information-dependent modeling capability of the Transformer model to improve the information extraction ability of global and local features.In order to optimize the model structure and reduce the number of parameters,this thesis removes the decoder part of the Transformer model.The experimental results on different datasets show that the Trans-M model performs better in terms of overall performance than other models.(2)When the number of samples in different classes of network traffic data is unbalanced,the anomaly detection model may not be able to fully learn the features of the minority class samples,which may lead to the model’s poor performance in handling the minority class samples.To address the above problems,a class balancing model RM-DDCG based on improved DCGAN is proposed.The class balancing model is applied to the unbalanced dataset before anomaly detection.Firstly,considering that DCGAN is susceptible to interference and overfitting,a random mask block based on Bernoulli distribution is used to increase the randomness and diversity of the data.The random mask blocks are inserted into the generative and discriminative networks,thus improving the generalization ability and robustness of the whole RM-DDCG model.Secondly,considering that the single discriminant network may lead to problems such as training instability and mode collapse.In this thesis,a dual adversarial discriminative network as the discriminative network of the RM-DDCG,so that the improved model can distinguish real data and generated data more effectively and further improve the classification performance and stability.The experimental data show that the RM-DDCG model not only improves the network traffic anomaly detection indicators,but also performs better than other class balance models.(3)With the network traffic anomaly detection model proposed in this thesis as the core,a network traffic anomaly detection system based on the combination of DCGAN and Transformer is designed and implemented.