基于深度学习的通信网络异常流量快速识别
Rapid Recognition of Abnormal Traffic in the Communication Network Based on Deep Learning
祝荣华 1周玲军1
作者信息
- 1. 华南农业大学珠江学院,广东 广州 510900
- 折叠
摘要
通信网络中的异常流量种类繁多,包括各种类型的攻击、恶意行为等,并且具有非常复杂、高层次的抽象特征,无法捕捉其中的局部异常行为,使得识别异常流量的效率较低.为此,引入卷积神经网络,提出基于深度学习的通信网络异常流量快速识别方法.采用Wire-shark 工具,获取并融合网络流量数据,利用加权平均滤波方法,对其均衡化处理,选取深度学习中的卷积神经网络Convolutional Neural Network,CNN)作为异常流量特征提取算法,在卷积层中,输入网络流量数据中的局部特征,实现对异常流量特征提取.计算异常流量特征的整体相似度,设定异常流量阈值,通过通信网络中流量的异常概率实现对异常流量快速识别.实验结果表明,所提算法应用下的召回率最高达0.96,在200byte数据量的情况下,识别延时仅为9.2ms,为快速识别和处理异常流量的应用场景提供有效的支持.
Abstract
There are many kinds of abnormal traffic in the communication network,including various types of attacks,malicious behaviors,etc.,and has very complex and high-level abstract characteristics,which cannot capture the local abnormal behavior,making the efficiency of iden-tifying abnormal traffic low.Therefore,the convolutional neural network is introduced to pro-pose a fast identification method of abnormal traffic in the communication network based on deep learning.Using Wireshark tool to obtain and fuse network traffic data,using the weighted average filtering method,select the convolution neural network Convolutional Neural Net-work,CNN)as the abnormal flow feature extraction algorithm,input the local features in the convolution layer,realize the abnormal flow feature extraction.The overall similarity of the ab-normal traffic characteristics is calculated,the abnormal traffic threshold is set,and the abnormal traffic is recognized quickly through the abnormal probability of the traffic in the communica-tion network.The experimental results show that the recall rate of the proposed algorithm is up to 0.96,and in the case of 200 byte data,the identification delay is only 9.2ms,which provides effective support for the application scenario of quickly identifying and processing abnormal flow.
关键词
卷积神经网络/通信网络/特征提取/异常流量识别Key words
convolutional neural network/communication network/feature extraction/abnormal traffic identification引用本文复制引用
出版年
2024
NETL
NSTL
万方数据