
Research On The Multi-Classification Algorithm For Security Data Based On Siamese Neural Network

Posted on: 2023-11-21
Degree: Master
Type: Thesis
Country: China
Candidate: C Gong
GTID: 2568306908464974
Subject: Engineering
Abstract/Summary:
As attackers adopt artificial intelligence, cloud computing and other technologies, network attack methods are becoming increasingly intelligent, the types of attack change constantly, the characteristics of network attacks are increasingly difficult to distinguish from those of normal network activity, and the security situation in cyberspace is increasingly serious. For overall security defense it is very important to recognize, accurately and in real time, the specific attack category of a single point within a systematic attack, especially unknown categories that the algorithm has never learned. At the same time, the high-quality black data that security personnel use for algorithm training has become harder to obtain as attack methods evolve and personal privacy protection develops. Multi-classification algorithms for security data therefore need a stronger ability to learn in a small-sample environment.

However, existing security detection algorithms have many problems. Neither methods based on statistical analysis, nor traditional machine learning algorithms based on feature engineering, nor deep learning models based on neural networks are capable of real-time, efficient multi-classification of security data in complex real-time network environments. Specifically, mature traditional machine learning algorithms can perform effective anomaly detection but have difficulty identifying specific types of attack. Deep learning models trained on large-scale, high-quality datasets can carry out multi-classification of security data effectively, but the new situation, in which attack samples are difficult to acquire and attack methods iterate quickly, exposes many problems. Therefore, against the background of a complex network environment, this paper strives to design an algorithm that can effectively recognize both existing and new, unknown attack methods in a small-sample environment, and that has an excellent ability to counteract class imbalance and resolve collapse problems in a complex real network environment.

The main innovative work in this paper is as follows:

Based on the goal of multi-classification of security data and on the Siamese architecture, an algorithm named Siam-BLA is proposed, which is capable of security data multi-classification and unknown class recognition in a few-shot environment. A series of modules, including the input pairing algorithm, the feature extraction structure, the similarity measurement module, and the Siamese multi-classification and unknown class recognition mechanism, are modified, adjusted and originally designed. The multi-classification efficiency of the Siamese architecture is greatly improved and excellent experimental results are achieved. With 2000 samples per class, the algorithm can recognize all 16 DGA attack classes and white samples with 98% accuracy, with some classes even reaching 100% accuracy, and can effectively identify unknown classes.

To address the collapse phenomenon that the algorithm encounters in a complex network environment and the special class imbalance problem in security scenarios, this paper makes targeted adjustments and optimizations and puts forward an anti-collapse and anti-class-imbalance scheme for Siam-BLA, which effectively alleviates the class imbalance problem and the influence of the collapse phenomenon on the algorithm's multi-classification performance. Testing on 10 million samples from real network nodes verifies the practicability of the algorithm, and the algorithm's false positive rate in the current network environment is reduced by 4% and controlled at about 1%.

The Siam-BLA multi-classification algorithm for security data proposed in this paper, based on a Siamese neural network, can accurately classify attack methods in few-shot environments, especially when the number of attack samples is small, and can effectively identify unknown classes. At the same time, in a complex network environment, the algorithm can effectively overcome severe class imbalance and the restrictions of the Siamese structure, and greatly reduce the false positive rate.
Keywords/Search Tags:Security Data Detection, Siamese Networks, DGA Detection, Unknown Class Identification, Few-shot learning