Research On Abnormal Traffic Detection Method Based On EHHO And GRU Neural Networ

In recent years,as networks continue to grow,the proliferation of network traffic has become a common problem.This traffic is often characterised by high density and high volume,which has a major impact on the performance of anomalous network traffic detection systems.At the same time,with the rapid growth of network traffic,the network traffic contains more and more characteristic information.The excessive redundant features contained in the network traffic will greatly increase the computational cost of the algorithm.Therefore,how to identify the important features in network traffic to improve the performance of anomalous network traffic detection systems has become a hot issue in current research.Therefore,this thesis proposes a new anomalous network traffic detection method,which is based on the improved Harris Hawk Optimisation and GRU neural network.Firstly,an EHHO with improved random jump distance,escape energy function and a new fitness function is designed for feature selection,which can more easily identify redundant features in network traffic and select the optimal feature subset.The featureselected dataset is then subjected to anomaly detection using a GRU neural network.After experimental testing,this algorithm not only reduces the feature dimensionality in the network traffic dataset,but also improves the performance of the anomaly detection system.The algorithm was tested on three public network traffic datasets(UNSW-NB15,NSL-KDD and CICIDS2018 datasets)and compared to the GRU neural network without feature selection,the feature dimensionality was reduced to 14%,50% and 12.5%,respectively,and the binary classification accuracy was improved by 4.17% and 16.18%.The rest of the metrics and the results of the multi-classification experiments also showed significant improvements.In summary,the anomalous network traffic detection method proposed in this thesis not only successfully reduces the computational cost,but also significantly improves the performance of the detection system.Experiments show that it can effectively identify redundant features in network traffic and select the optimal subset of features for anomalous traffic detection tasks.