Font Size: a A A

Research And Application Of Abnormal Traffic Mining Algorithm In Encrypted Traffic Environment

Posted on:2024-08-27Degree:MasterType:Thesis
Country:ChinaCandidate:W T HongFull Text:PDF
GTID:2558307100988859Subject:Electronic information
Abstract/Summary:
Abnormal traffic detection is an important strategy for maintaining network security and stability.In order to improve the performance of abnormal network traffic detection in the encrypted traffic environment,this paper conducts research from the perspectives of abnormal network traffic detection model improvement and unbalanced learning,and proposes an abnormal traffic detection algorithm based on token learning.On this basis,two models are used to improve the loss function,and two abnormal traffic detection algorithms are proposed to deal with unbalanced data,The effectiveness of the proposed algorithm was verified through experimental analysis and practical application systems.The main research work and achievements include:1.A representation learning based anomaly traffic detection algorithm CBS suitable for encrypted traffic environments is proposed.This algorithm uses representation learning to extract features,and based on a parallel model of 1DCNN and Bi GRU,introduces an adaptive normalization layer to improve training and convergence speed,thereby effectively improving the detection efficiency of abnormal traffic in encrypted traffic environments.The experimental results on the USTC-TFC2016 and CICIDS2017 datasets show that the proposed algorithm has certain improvements in classification recognition accuracy,training,and convergence speed,and significantly improves detection efficiency compared to other normalization methods.2.In response to the two phenomena of imbalanced overall categories and extremely imbalanced individual categories of data,the anomaly traffic detection algorithm QP-CE based on quantity proportion cost coefficient and the anomaly traffic detection algorithm MP-CE based on misclassification proportion cost coefficient are proposed.Among them,the QP-CE algorithm gives weight to the loss function based on the proportion of traffic of each category in each batch as the cost coefficient to solve the impact of the imbalance of the overall category data.The MP-CE algorithm gives weight to the loss function based on the cost coefficient of the proportion of traffic classification errors of each class in each batch,which solves the problem of low classification accuracy of some difficult classification classes.The experimental results on the USTC-TFC2016 and CICIDS2017 datasets show that both proposed algorithms can effectively alleviate the impact of data imbalance.The QP-CE algorithm can effectively improve the classification and recognition accuracy in cases of overall category imbalance,while the MP-CE algorithm can better improve the classification and recognition accuracy in cases of extremely imbalanced individual categories of data.3.Based on the proposed anomaly traffic detection algorithm,a anomaly traffic detection system suitable for encrypted traffic environments has been designed and implemented.The system adopts technologies such as Kafka to achieve core functions such as traffic capture,data processing,traffic detection,online event analysis,and offline file detection.Tests have shown that the system can effectively detect and identify online and offline abnormal traffic in encrypted traffic environments,and can monitor network traffic in real-time through various visualization methods,verifying the availability of the proposed algorithm.
Keywords/Search Tags:Abnormal traffic detection, Classification of encrypted traffic, Unbalanced learning, Cost matrix, Kafka
Related items