Research On Network Abnormal Traffic Detection System Based On Machine Learning

The rapid development of network technology and its deep integration with human society in modern society have brought new risks and challenges to cyberspace security while bringing convenience to human life.As an effective active defense technology,machine learning-based network anomaly traffic detection technology is of great significance in maintaining cyberspace security.At present,research on abnormal traffic detection using machine learning algorithms generally suffers from the problems of difficult feature design and extraction and single type of extracted features,while the problem of data set balance is not fully considered in machine learning modeling,leading to poor model effects in practical applications.In addition,the researcher’s expertise is relied on in model hyperparameter setting,which cannot guarantee to find the optimal hyperparameter combination,thus limiting the performance of the model.To solve the above problems,this study designs three different algorithms: data augmentation,hyperparameter optimization and feature extraction,and combines them organically for implementing the network anomaly traffic detection task.The main research works and innovations of this study are as follows:(1)A Traffic-CGAN based network traffic data enhancement algorithm is proposed.The algorithm utilizes the undersampling technique and Traffic-GGAN-based traffic sample generation technique to construct a new set of balanced dataset based on the original dataset.The experimental results show that the classification accuracy of various machine learning models obtained by modeling on the dataset constructed using Traffic-CGAN is significantly higher than that of the original dataset,and also outperforms the oversampling techniques such as random oversampling and synthetic minority oversampling.(2)A hyperparameter optimization algorithm based on PEPSO is proposed.In this study,the PSO algorithm is firstly improved by using the principle of population evolution,and the PEPSO algorithm is proposed to overcome the disadvantages of slow convergence and easy to fall into local optima of the PSO algorithm.Then based on the PEPSO algorithm,the hyperparameter optimization algorithm is further designed to automatically optimize the specific hyperparameters of the machine learning model,which reduces the workload of manual testing.The experimental results show that the PEPSO algorithm is significantly better than the PSO algorithm in terms of solution speed and is less likely to fall into local optima.The MLP and 1D-CNN models optimized by the PEPSO-based hyperparameter optimization algorithm also improve the accuracy by 0.31% and 0.52%,respectively.(3)A network anomaly traffic detection algorithm based on spatio-temporal feature fusion is proposed.In the temporal feature extraction part,location coding and multi-head attention mechanism are used to extract important temporal information from traffic data.In the spatial structure feature extraction part,the original traffic data are downscaled by an encoder,and then fed into a parallel structured 1D-CNN model to extract features,and the SE attention mechanism is used to assign weight coefficients to each feature value.Finally,the obtained spatio-temporal features are fed into the softmax function in a weighted fusion manner for classification.The experimental results show that the proposed algorithm is higher than similar algorithms in terms of detection accuracy and other evaluation indexes,where the accuracy rate reaches 99.02%.