Netinfo Security (信息网络安全), 2024, Vol. 24, Issue 4: 520-533. DOI: 10.3969/j.issn.1671-1122.2024.04.003

Design and Implementation of Malicious Traffic Detection Model

Tu Xiaohan (屠晓涵) 1, Zhang Chuanhao (张传浩) 1, Liu Mengran (刘孟然) 2

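Author information

  • 1. School of Cybersecurity and Smart Policing, Zhengzhou Police University, Zhengzhou 450053
  • 2. Tianjin Public Security Division, Beijing Railway Public Security Bureau, Tianjin 300100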

Abstract

As cyber attack methods grow more sophisticated and diverse, traditional security defenses struggle to identify malicious traffic accurately. This paper addresses common problems in malicious traffic detection, namely numerous ineffective features, data imbalance, and increasingly complex attack methods, by developing a relatively efficient detection method. First, the paper proposes a data cleaning and balancing method that improves the quality and effectiveness of traffic feature data. Second, it combines a simple recurrent neural network (RNN) with a multi-head attention mechanism, enabling the detection model to handle sequential data more precisely, to capture and identify various types of information and their dependencies, and thereby to significantly improve the accuracy of feature extraction. Finally, it draws on the advantages of ensemble learning, deep learning, and machine learning so that the detection model can learn efficiently from limited samples and adapt quickly to different network characteristics. Experimental results show that the method achieves good detection performance on multiple public datasets.

Key words

malicious traffic detection/RNN/feature extraction/ensemble learning

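Funding

Fundamental Research Funds for the Central Universities (2022TJJBKY002)

Fundamental Research Funds for the Central Universities (2023TJJBKY012)

Fundamental Research Funds for the Central Universities (2022TJJBKY009)

Henan Province Key Research and Development and Promotion Special Project (222102210302)

Henan Province Key Research and Development and Promotion Special Project (232102210022)

Key Scientific Research Project of Higher Education Institutions of Henan Province (23A520042)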

Publication year

2024
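Netinfo Security (信息网络安全)
Third Research Institute of the Ministry of Public Security; Computer Security Professional Committee of the China Computer Federation

Indexed in: CSTPCD, CHSSCD, Peking University Core Journals
Impact factor: 0.814
ISSN: 1671-1122
Number of references: 31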