Method, model and system for abnormal network traffic detection

Abstract

The present invention proposes a network abnormal traffic detection method, model and system optimized based on residual gated recurrent unit (Re-GRU) and integrated dynamic extreme learning (ELM). Firstly, the feature optimization method of Fisher Score and maximum information coefficient is established; secondly, the original GRU candidate hidden state activation function is changed to a non-saturated activation function, and the residual structure is introduced into the GRU candidate hidden state, so as to avoid the problem of gradient disappearance and make the network It is more sensitive to gradient changes and achieves the purpose of alleviating network degradation. Then the model is optimized and designed as a two-way residual GRU structure, which makes the model extract network traffic characteristics more superior; finally, a two-step game integrated dynamic ELM network traffic detection method is proposed, and the full connection layer and dropout layer are used to alleviate the overfitting problem and improve detection. Accuracy, output the detection result. The present invention builds an experimental simulation model and verifies effectiveness according to different parameter comparison results. Compared with traditional detection methods, the present invention has better detection effect and accuracy when detecting abnormal network traffic.

Description

technical field [0001] The invention belongs to the technical field of the Internet, and relates to a method for monitoring abnormal network traffic, a model, a method and a system for model training. Background technique [0002] With the rapid development of network technology, the network structure is becoming more and more complex, and the risk of network intrusion and abnormal traffic attacks is also increasing. How to identify various network intrusions has become a matter of great concern to people. The continuous increase and increase of network scale, network speed and intrusion types make intrusion detection technology face more and more challenges. Therefore, how to design a network intrusion detection method for complex network environments and future intelligence, while improving the detection accuracy of intrusion detection, reducing the false negative rate, and improving detection performance has become the core issue of concern in related fields. [0003] Ai...

AI Technical Summary

Problems solved by technology

However, ordinary cyclic neural networks will become unstable due to the problems of vanishing gradient (Vanishing Gradient) and gradient explosion (Exploding Gradient), so researchers propose a long short-term memory unit (Long Short Term Memory, LSTM) neural network to improve the above question

Although LSTM is indeed effective, its complicated threshold leads to unsatisfactory detection results, and the detection performance becomes worse and worse as the number of network layers increases

Among the existing methods, the Highway-Networks method can alleviate the degradation problem of the network, but this method will increase the amount of network parameters and time-consuming training

The SRU network that has received much attention in the past two years also includes a structure similar to Highway-Networks. At the same time, SRU discards the time parameters in the recurrent unit, so it can perform deeper network training while running fast, but in complex networks When testing in the environment, the problem of gradient disappearance still occurs

Furthermore, with the intermittent arrival of the data stream, the imbalance degree of the initial sample is difficult to be constant

In the current network traffic sample interval, there will also be severe label imbalance and imbalance deflection. However, it is difficult to guarantee the credibility of new samples by using neighborhood sample resampling and undersampling data processing methods, and new data information may lead to overfitting

Especially for multi-class label classification, decomposing the multi-classification problem into multiple binary classification problems will cause problems such as model redundancy and difficulty in calculation

If the relationship between the model and the data cannot be established, the classifier will be limited to multiple parameter categories, it will be difficult to obtain the optimal weight, and the stability of the model cannot be guaranteed

[0005] There are multiple types of sample labels in complex network traffic, while the traditional Recurrent Neural Network (RNN) is prone to gradient disappearance and network degradation problems during network anomaly detection, resulting in low detection accuracy and high false negative rate

Images