With the development of computer networks, a great many electronic devices are connected to the Internet, which makes the network scale expand continuously, and the computer network has become an essential part of human life. Network traffic data, as a carrier of network information transmission, can be analyzed to identify service types, sense abnormal behavior, detect malicious attacks, predict link bandwidth, and so on. Therefore, network traffic detection is one of the most important tasks in the network field and is a prerequisite for network resource management, cyberspace security, QoS (Quality of Service), etc. Especially for cyberspace security, network traffic detection, as an effective means of network protection, can sense abnormal traffic in the network and provide important support for various tasks, and it has long received extensive attention from scholars.

However, traffic encryption, obfuscation, and anonymity technologies have become common practice in the industry, which makes it difficult to perceive and manage traffic at the network level. After encryption and obfuscation, the traffic fingerprint, statistical characteristics, and traffic distribution of network traffic change, which makes it increasingly difficult to achieve high-speed and accurate network traffic detection and identification. At the same time, the means of network attack on the Internet have evolved, and a large number of new types of network attacks have appeared in cyberspace, which has a great impact on cyber security and privacy protection. Existing methods have many shortcomings in detecting unknown attacks and, much worse, malicious traffic is more likely to circumvent existing network anomaly detection systems by using encryption and obfuscation techniques, posing a great threat to network security.

This work focuses on encrypted network traffic classification and malicious network traffic detection, and the research includes the following aspects:

(1) The TSCRNN model is proposed to address the difficulty of feature extraction for encrypted traffic detection and the poor real-time performance of offline algorithms. It combines the temporal and spatial features of traffic to identify traffic service types and extracts features automatically using deep learning methods. In addition, we discuss sampling strategies, which are used to collect samples from the middle of a long-lived flow. The experiments show that TSCRNN can efficiently identify encrypted traffic and anonymous traffic using a small number of flow packets, and that it outperforms other existing methods in multiple experimental scenario settings.

(2) Our work studies anomalous network traffic detection and proposes a multi-level feature fusion model, MFFusion, which solves the problem of difficult model training when malicious network traffic data is imbalanced. MFFusion extracts three different levels of traffic features to obtain more stable model performance and to improve the detection rate for malicious traffic while reducing the false alarm rate. To address the data imbalance problem, we propose the Adaptive Balance Training (ABT) method, design a self-balancing loss function named Attention Loss, and give the related mathematical analysis. Experiments show that MFFusion can train the model on severely skewed data and obtain an excellent anomaly detection rate and false alarm rate, outperforming other existing deep learning-based methods. In addition, this work also applies MFFusion to malicious traffic detection in IoT scenarios, where its performance reaches the application level.

(3) The training of deep learning models relies heavily on labeled data, but the acquisition of labeled data is still a major challenge in the field of network traffic detection. To address this problem, we further investigate the use of unlabeled traffic data and discuss the application of unsupervised learning and semi-supervised learning methods in traffic detection. In this section, we propose the Sauce model, which combines an AutoEncoder, clustering algorithms, and self-training techniques to reduce the reliance on labeled data and to utilize unlabeled data more efficiently during training by replacing labeled data with pseudo-labeling.

(4) Based on the above research, the last part designs a deep learning-based encrypted and abnormal traffic detection system, which achieves efficient identification of encrypted traffic and abnormal traffic. In addition, network attacks are simulated in a LAN (Local Area Network), and the system achieves real-time analysis and detection of abnormal traffic.