Shuhan Chen,Congqi Shen,Danrui Yu,Yuqin Wu,Chunming Wu

DOI: https://doi.org/10.1109/isncc52172.2021.9615889

2021-01-01

Abstract:Botnets provide a fundamental infrastructure for various kinds of network attacks, such as DDoS attack, etc. Detecting DDoS attack in botnet is a long-standing challenge. In this paper, we propose a novel method to detect DDoS attack in botnet through the analysis of packet forwarding and network traffic. The primary idea is to collect features from both overall network traffic and packet to describe the attack pattern and conduct a detection model with high accuracy. Firstly, apart from overall network traffic, we calculate several statistics related to looking up functions of flow tables during packet forwarding on switches to describe attack pattern. Secondly, these features are put into a deep learning model to detect DDoS attack. We perform evaluations under Software Defined Networking (SDN) paradigm. In particular, we compare the proposed method with traditional methods. The experimental results demonstrate that the proposed method is meaningful in improving the accuracy of DDoS attack detection by adding packet-level features extracted from packet forwarding.

Lu Chen,Tao Zhang,Yuanyuan Ma,Mu Chen

DOI: https://doi.org/10.1109/iist62526.2024.00098

2024-01-01

Abstract:With the increasing complexity, automation, and intelligence of network attacks, new types of attacks are constantly emerging in the network, posing great challenges to network attack detection and timely response based on prior rules. In order to more effectively and accurately identify abnormal traffic, a network abnormal traffic detection algorithm based on improved convolutional neural networks is proposed. The algorithm first inputs the key features of traffic anomaly monitoring, converts them into color images through visualization technology, extracts higher dimensional features, and then uses neural structure search technology to find a lightweight convolutional network structure with high accuracy and less time consumption. The optimal model is used to output the type of traffic anomaly. The results indicate that the algorithm has a higher accuracy and the shortest classification time for a single image.

Yung-Chung Wang,Yi-Chun Houng,Han-Xuan Chen,Shu-Ming Tseng

DOI: https://doi.org/10.3390/s23042171

IF: 3.9

2023-02-16

Sensors

Abstract:The prevalence of internet usage leads to diverse internet traffic, which may contain information about various types of internet attacks. In recent years, many researchers have applied deep learning technology to intrusion detection systems and obtained fairly strong recognition results. However, most experiments have used old datasets, so they could not reflect the latest attack information. In this paper, a current state of the CSE-CIC-IDS2018 dataset and standard evaluation metrics has been employed to evaluate the proposed mechanism. After preprocessing the dataset, six models—deep neural network (DNN), convolutional neural network (CNN), recurrent neural network (RNN), long short-term memory (LSTM), CNN + RNN and CNN + LSTM—were constructed to judge whether network traffic comprised a malicious attack. In addition, multi-classification experiments were conducted to sort traffic into benign traffic and six categories of malicious attacks: BruteForce, Denial-of-service (DoS), Web Attacks, Infiltration, Botnet, and Distributed denial-of-service (DDoS). Each model showed a high accuracy in various experiments, and their multi-class classification accuracy were above 98%. Compared with the intrusion detection system (IDS) of other papers, the proposed model effectively improves the detection performance. Moreover, the inference time for the combinations of CNN + RNN and CNN + LSTM is longer than that of the individual DNN, RNN and CNN. Therefore, the DNN, RNN and CNN are better than CNN + RNN and CNN + LSTM for considering the implementation of the algorithm in the IDS device.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jun Li,Noel B. Linsangan,Huiguo Dong

DOI: https://doi.org/10.62677/ijetaa.2407123

2024-08-25

Abstract:This paper proposes an intelligent solution for network traffic prediction and anomaly detection in campus networks, addressing the increasingly severe network security challenges. The proposed approach innovatively integrates Convolutional Neural Networks (CNN) and Long Short-Term Memory networks (LSTM) to simultaneously extract local features and capture dynamic temporal dependencies of network traffic, significantly improving prediction accuracy. Based on this, an adaptive threshold anomaly detection algorithm is designed to automatically adjust detection sensitivity according to traffic variations, achieving a better balance between accuracy and recall rates. Additionally, an anomaly visualization scheme is presented, intuitively displaying the spatiotemporal distribution of network anomalies through heatmaps, assisting administrators in decision-making. Large-scale experiments demonstrate that this approach can effectively identify various security threats such as DDoS attacks, scanning probes, and botnets, with an overall detection rate exceeding 90% while maintaining a low false positive rate. Compared to traditional statistical and machine learning methods, the proposed approach exhibits stronger adaptability and generalization capabilities, providing crucial support for building an intelligent, precise, and reliable campus network security protection system. Future work will focus on further improving the real-time performance and robustness of the solution, expanding its application in new network scenarios such as IoT and edge computing.

Xisong Chen,Kaihong Yan,Tao Fu,Jin Zhang,D. Niu,Li Wang

DOI: https://doi.org/10.1109/CAC51589.2020.9327030

2020-11-06

Abstract:With the rapid development of information network, network security is becoming more and more important. Intrusion detection is an important component of the network security system. The traditional signature-based matching detection method is difficult to cope with the increasingly complex network environment. On the contrary, anomaly detection which is based on network traffic pattern analysis has obvious advantages in dealing with encryption attacks, zero-day attacks and other new attacks. This paper studies the network traffic anomaly detection, and proposes a traffic anomaly detection model which combines convolution neural network and eXtreme Gradient Boosting algorithm. First, the collected traffic data is preprocessed into appropriate format that meets the input requirements of the model. Then the improved LeNet-5 convolution neural network is used for feature learning, and finally XGBoost algorithm is used to classify the learning features. Experimental results show that the proposed network traffic anomaly detection method based on CNN and XGBoost has a high accuracy, and good experimental results have been achieved in both two- classification and multi-classification.

Computer Science

Jing Chen,Xiangyan Tang,Jieren Cheng,Fengkai Wang,Ruomeng Xu

DOI: https://doi.org/10.48550/arXiv.1903.11844

2019-03-28

Abstract:Distributed denial of service (DDoS) attack becomes a rapidly growing problem with the fast development of the Internet. The existing DDoS attack detection methods have time-delay and low detection rate. This paper presents a DDoS attack detection method based on network abnormal behavior in a big data environment. Based on the characteristics of flood attack, the method filters the network flows to leave only the 'many-to-one' network flows to reduce the interference from normal network flows and improve the detection accuracy. We define the network abnormal feature value (NAFV) to reflect the state changes of the old and new IP address of 'many-to-one' network flows. Finally, the DDoS attack detection method based on NAFV real-time series is built to identify the abnormal network flow states caused by DDoS attacks. The experiments show that compared with similar methods, this method has higher detection rate, lower false alarm rate and missing rate.

Cryptography and Security

Nisha Ahuja,Debajyoti Mukhopadhyay,Gaurav Singal

DOI: https://doi.org/10.1007/s00779-023-01785-2

2024-01-25

Personal and Ubiquitous Computing

Abstract:Software-defined networking will be a critical component of the networking domain as it transitions from a standard networking design to an automation network. To meet the needs of the current scenario, this architecture redesign becomes mandatory. Besides, machine learning (ML) and deep learning (DL) techniques provide a significant solution in network attack detection, traffic classification, etc. The DDoS attack is still wreaking havoc. Previous work for DDoS attack detection in SDN has not yielded significant results, so the author has used the most recent deep learning technique to detect the attacks. In this paper, we aim to classify the network traffic into normal and malicious classes based on features in the available dataset by using various deep learning techniques. TCP, UDP, and ICMP traffic are considered normal; however, malicious traffic includes TCP Syn Attack, UDP Flood, and ICMP Flood, all of which are DDoS attack traffic. The major contribution of this paper is the identification of novel features for DDoS attack detection. Novel features are logged into the CSV file to create the dataset, and machine learning algorithms are trained on the created SDN dataset. Various work which has already been done for DDoS attack detection either used a non-SDN dataset or the research data is not made public. A novel hybrid machine learning model is utilized to perform the classification. The dataset used by the ML/DL algorithms is a collection of public datasets on DDoS attacks as well as an experimental DDoS dataset generated by us and publicly available on the Mendeley Data repository. A Python application performs the classification of traffic into one of the classes. From the various classifiers used, the accuracy score of 99.75% is achieved with Stacked Auto-Encoder Multi-layer Perceptron (SAE-MLP). To measure the effectiveness of the SDN-DDoS dataset, the other publicly available datasets are also evaluated against the same deep learning algorithms, and traffic classification accuracy is found to be significantly higher with the SDN-DDoS dataset. The attack detection time of 216.39 s also serve as experimental evidence.

computer science, information systems,telecommunications

Yanfang Fu,Yishuai Du,Zijian Cao,Qiang Li,Wei Xiang

DOI: https://doi.org/10.3390/electronics11060898

IF: 2.9

2022-03-14

Electronics

Abstract:With an increase in the number and types of network attacks, traditional firewalls and data encryption methods can no longer meet the needs of current network security. As a result, intrusion detection systems have been proposed to deal with network threats. The current mainstream intrusion detection algorithms are aided with machine learning but have problems of low detection rates and the need for extensive feature engineering. To address the issue of low detection accuracy, this paper proposes a model for traffic anomaly detection named a deep learning model for network intrusion detection (DLNID), which combines an attention mechanism and the bidirectional long short-term memory (Bi-LSTM) network, first extracting sequence features of data traffic through a convolutional neural network (CNN) network, then reassigning the weights of each channel through the attention mechanism, and finally using Bi-LSTM to learn the network of sequence features. In intrusion detection public data sets, there are serious imbalance data generally. To address data imbalance issues, this paper employs the method of adaptive synthetic sampling (ADASYN) for sample expansion of minority class samples, to eventually form a relatively symmetric dataset, and uses a modified stacked autoencoder for data dimensionality reduction with the objective of enhancing information fusion. DLNID is an end-to-end model, so it does not need to undergo the process of manual feature extraction. After being tested on the public benchmark dataset on network intrusion detection NSL-KDD, experimental results show that the accuracy and F1 score of this model are better than those of other comparison methods, reaching 90.73% and 89.65%, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied

Dongpo Wang,Chengli Zhao,Xue Zhang,Boyu Liu,Xiang Li,Dongyun Yi

DOI: https://doi.org/10.1088/1742-6596/1693/1/012050

2020-01-01

Journal of Physics Conference Series

Abstract:With the increasing network threat, network anomaly detection has become a very challenging and indispensable task. In this article, we propose an anomaly detection algorithm through modeling computer network as temporal network. The active subnetwork is extracted from the original computer communication network and then projected to an undirected weighted network series, finally the abnormal behavior patterns of network series are detected based on eigenvectors. Data test experiment shows that the proposed algorithm has achieved very good results.

Aiguo Chen,Yang Fu,Xu Zheng,Guoming Lu

DOI: https://doi.org/10.1016/j.cose.2021.102600

2022-03-01

Abstract:The Internet environment is exposed to diverse and increasingly numerous intrusion attacks due to its continuously expanding scale, threatening the information and assets of individuals and companies. The application of machine learning and deep learning methods has significantly improved the performance of network behavior anomaly detection (NBAD). However, existing NBAD methods based on machine learning classify network behaviors with hand-selected feature vectors, which are not flexible enough to adapt to various cyber environments and new categories of attacks, resulting in low accuracy. Moreover, high-dimensional and large-scale data have significantly increased the training, retraining, and detection time, resulting in low scalability. To solve these problems, an efficient NBAD algorithm based on deep belief networks (DBN) and long short-term memory (LSTM) networks is proposed. First, a nonlinear feature extraction method using a DBN is applied to extract features automatically and reduce the dimension of the original data while guaranteeing accuracy. Then, a light-structure LSTM network is used to obtain the classification results. The results of multiple experiments show that the proposed approach performs well in feature learning and has high accuracy while obtaining results in a timely manner and easily updating the model.

computer science, information systems

Jin Ye,Xiangyang Cheng,Jian Zhu,Luting Feng,Ling Song

DOI: https://doi.org/10.1155/2018/9804061

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:The detection of DDoS attacks is an important topic in the field of network security. The occurrence of software defined network (SDN) (Zhang et al., 2018) brings up some novel methods to this topic in which some deep learning algorithm is adopted to model the attack behavior based on collecting from the SDN controller. However, the existing methods such as neural network algorithm are not practical enough to be applied. In this paper, the SDN environment by mininet and floodlight (Ning et al., 2014) simulation platform is constructed, 6-tuple characteristic values of the switch flow table is extracted, and then DDoS attack model is built by combining the SVM classification algorithms. The experiments show that average accuracy rate of our method is 95.24 % with a small amount of flow collecting. Our work is of good value for the detection of DDoS attack in SDN.

computer science, information systems,telecommunications

Zecheng Li,Shengyuan Chen,Hongshu Dai,Dunyuan Xu,Cheng-Kang Chu,Bin Xiao

DOI: https://doi.org/10.1109/tr.2022.3204349

IF: 5.883

2022-01-01

IEEE Transactions on Reliability

Abstract:Abnormal traffic detection is the core component of the network intrusion detection system. Although semisupervised methods can detect zero-day attack traffic, previous work suffers from high false alarms because the trained model is simply based on normal traffic. In this article, we propose an accurate abnormal traffic detection method using pseudoanomaly, consisting of an efficient feature extraction framework and a novel denoise autoencoder-generative adversarial network (DAE-GAN) model. The feature extraction framework adopts an innovative packet window scheme to extract spatial and temporal features from traffic flows. The DAE-GAN model has multiple DAEs to achieve efficient data augmentation and generate high-quality pseudoanomalies. The pseudoanomalies are obtained by adding noise on normal traffic and enhanced by adversarial learning in DAE-GAN. Our semisupervised detection method, exploiting both normal data and generated pseudoanomalies, achieves a precision of 98.6 on the NSL-KDD dataset and 98.5 on the UNSW-NB15 dataset. Compared with the state-of-the-art, the detection precision and recall under different user behaviors are significantly improved. The evaluation on four attack datasets shows that our method has a high flow-wise precision of over 99 and a high recall of 60.6.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Fei Wang,Hailong Wang,Xiaofeng Wang,Jinshu Su

DOI: https://doi.org/10.1016/j.mcm.2011.02.025

2011-01-01

Mathematical and Computer Modelling

Abstract:Detection of distributed denial of service (DDoS) attacks has been a challenging problem for network security. Most of the existing works take into account the anomaly features of the traffic caused by DDoS. However, these detection methods suffer from either less generality or high computational and memory costs in detecting subtle DDoS attacks. In this paper, we first present a model for DDoS attacks with quantitative measurements. Based on this model, we find that there are two factors that have a severe influence on the deviation of traffic features. In view of these two factors, the DDoS attack traffic observed by monitors can be trivial, leading to the subtle DDoS attacks which are difficult to detect. To detect the subtle DDoS anomalies at monitors close to the attack sources, we propose a novel multistage DDoS detection framework that consists of a NTS (Network Traffic State) prediction, a fine-grained singularity detection and a malicious address extraction engine. We also briefly introduced how to distribute our detection framework to enhance the performance of detecting world-wide DDoS attacks. Moreover, the prototype system is implemented and evaluated with real network traces from our campus network and testbed. The results show that our method can detect various DDoS attacks efficiently even though the attack rate is low. Our method can extract malicious IPs for attack reaction with records for a short period, and multiple monitors distributed in the network can fuse the results of extraction seamlessly to improve the accuracy of detection

Fengqin Zuo,Damin Zhang,Lun Li,Qing He,Jiaxin Deng

DOI: https://doi.org/10.1016/j.heliyon.2024.e32087

IF: 3.776

2024-05-29

Heliyon

Abstract:One of the critical technologies to ensure cyberspace security is network traffic anomaly detection, which detects malicious attacks by analyzing and identifying network traffic behavior. The rapid development of the network has led to explosive growth in network traffic, which seriously impacts the user's information security. Researchers have delved into intrusion detection as an active defense technology to address this challenge. However, traditional machine learning methods struggle to capture complex threats and attack patterns when dealing with large-scale network data. In contrast, deep learning methods have the advantages of automatically extracting features from network traffic data and strong generalization capabilities. Aiming to enhance the ability of network anomaly traffic detection, this paper proposes a network traffic anomaly detection based on Deep Residual Shrinkage Network (DRSN), namely "GSOOA-1DDRSN". This method uses an improved Osprey optimization algorithm to select the most relevant and essential features in network traffic, reducing the features' dimensionality. For better detection performance of network traffic anomalies, a one-dimensional deep residual shrinkage network (1DDRSN) is designed as a classifier. Validation is performed using the NSL-KDD and UNSW-NB15 datasets and compared with other methods. The experimental results show that GSOOA-1DDRSN has improved multi-classification accuracy, precision, recall, and F1 Score by approximately 2 % and 3 %, respectively, compared to the 1DDRSN model on two datasets. Additionally, it reduces the time computation costs by 20 % and 30 % on these datasets. Furthermore, compared to other models, GSOOA-1DDRSN offers superior classification accuracy and effectively reduces the number of features.

Beenish Habib,Farida Khursheed

DOI: https://doi.org/10.1002/cpe.7996

2024-02-16

Concurrency and Computation Practice and Experience

Abstract:Summary Internet data thefts, intrusions and DDoS attacks are some of the big concerns for the network security today. Detection of these anomalies, is gaining tremendous impetus with the development of machine learning and artificial intelligence. Even now researchers are shifting the base from machine learning to the deep neural architectures with auto‐feature selection capabilities. We in this paper propose multiple deep neural network architectures which can select, co‐learn and teach the gradients of the neural network by itself with no human intervention. This is what we call as meta‐learning. The models are configured in both many to one and many to many design architectures. We combine long short‐term memory (LSTM), bi‐directional long short‐term memory (BiLSTM), convolutional neural network (CNN) layers along with attention mechanism to achieve the higher accuracy values among all the available deep learning model architectures. LSTMs overcomes the vanishing and exploding gradient problem of RNN and attention mechanism mimics the human cognitive attention that screens the network flow to obtain the key features for network traffic classification. In addition, we also add multiple convolutional layers to get the key features for network traffic classification. We get the time series analysis of the traffic done for the possibility of a DDoS attack without using any feature selection techniques and without balancing the dataset. The performance analysis is done based on confusion matrix scores, that is, accuracy, false alarm rate (FAR), sensitivity, specificity, false‐positive rate (FPR), F1 score, area under curve (AUC) analysis and loss functions on well‐known public benchmark KDD Cup'99 data set. The results of our experiments reveal that our models outperform existing techniques, showing their superiority in performance.

computer science, theory & methods, software engineering

Daniel M. Brandão Lent,Vitor G. da Silva Ruffo,Luiz F. Carvalho,Jaime Lloret,Joel J. P. C. Rodrigues,Mario Lemes Proença

DOI: https://doi.org/10.1109/access.2024.3402069

IF: 3.9

2024-05-24

IEEE Access

Abstract:Network management is a crucial task to maintain modern systems and applications running. Some applications have become vital for society and are expected to have zero downtime. Software-defined networks is a paradigm that collaborates with the scalability, modularity and manageability of systems by centralizing the network's controller. However, this creates a weak point for distributed denial of service attacks if unprepared. This study proposes an anomaly detection system to detect distributed denial of service attacks in software-defined networks using generative adversarial neural networks with gated recurrent units. The proposed system uses unsupervised learning to detect unknown attacks in an interval of 1 second. A mitigation algorithm is also proposed to stop distributed denial-of-service attacks from harming the network's operation. Two datasets were used to validate this model: the first developed by the computer networks study group Orion from the State University of Londrina. The second is a well-known dataset: CIC-DDoS2019, widely used by the anomaly detection community. Besides the gated recurrent units, other types of neurons are also tested in this work, they are: long short-term memory, convolutional and temporal convolutional. The detection module reached an F1-score of 99@ in the first dataset and 98@ in the second, while the mitigation module could drop 99@ of malicious flows in both datasets.

computer science, information systems,telecommunications,engineering, electrical & electronic

Guanghan Duan,Hongwu Lv,Huiqiang Wang,Guangsheng Feng,Xiaoli Li

DOI: https://doi.org/10.1109/tifs.2024.3385321

IF: 7.231

2024-05-10

IEEE Transactions on Information Forensics and Security

Abstract:Deep learning (DL) greatly enhances cyber anomaly detection capabilities through effective statistical network characteristic. However, previous methods have not fully addressed two real-world scenario-driven challenges. 1) Frequent node access and disconnection sourced from free-bounded 5G/B5G cyberspace introduce unfamiliar communication behavior patterns, reducing the detection ability of the pre-trained DL model. 2) Low-frequency or sporadic communication behaviors lack stable patterns, posing a challenge for existing AI-driven models, including DL-based detection methods. To address these issues, we propose a cyber anomaly detection framework based on Continuous Temporal Graph (CTG) neural network from a new interaction-centered perspective. The proposed framework refines the concrete information interaction between network entities into the CTG evolution process, thereby naturally incorporating new node access behaviors into feature extraction on CTG neural network. We furthermore present a message aggregation scheme on CTG with fusion of spatio-temporal neighborhood, the actual time distribution and the historical state, thus transforming communication into a more stable pattern for the learning of low-frequency interactions. Extensive experiments on 4 novel datasets, including ToN-IoT, UNSWNB15, CIC-Dark2020, J.P. Morgan payment, demonstrate that our approach outperforms state-of-the-art methods, particularly in detecting new access and low-frequency behaviors.

computer science, theory & methods,engineering, electrical & electronic

Yonghong Wang,Xiaofeng Wang,Mazeyanti Mohd Ariffin,Masoumeh Abolfathi,Abdulmajeed Alqhatani,Laila Almutairi

DOI: https://doi.org/10.1016/j.compeleceng.2023.108655

2023-05-01

Abstract:The Software-Defined Network (SDN) provides a more flexible and effectively managed network design for next-generation networking. Network managers can easily manage and regulate the entire network using its programmable central controller architecture. This central controller serves as the focal point for numerous attack vectors due to its centralized structure. However, Distributed Denial of Service (DDoS) attacks against the SDN is the most prominent. The goal of this project is to use a machine learning method to categorize SDN traffic as either attack or normal traffic. Next, the Feature Selection method, such as the Filter-based Fisher score method, Wrapper-based method, and analysis of variables (ANOVA) f-test, is used for finely-granulated detection. Then, a rule-based detection method using the Renyi joint entropy algorithm is employed to detect DDoS attacks on SDN controllers. We manage a public "DDoS attack SDN Dataset" with 23 attributes overall. The dataset includes normal and attack traffic for the Internet Control Message Protocol (ICMP), User Datagram Protocol (UDP), and Transmission Control Protocol (TCP). Except for attributes that specify the target and source machines, the dataset, which contains more than 100,000 recordings, has statistical features such as byte count, duration sec, packet rate, and packet per flow. In the classification process, many classifiers such as Artificial Neural Network (ANN), XGBoost (XGB), Support Vector Machine (SVM), and k-Nearest Neighbor (k-NN) were used. The test results demonstrated the efficacy and efficiency of the suggested strategy using the analysis of variables (ANOVA), which performed better than competing methods across a range of evaluation parameters.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Minghui Gao,Li Ma,Heng Liu,Zhijun Zhang,Zhiyan Ning,Jian Xu

DOI: https://doi.org/10.3390/s20051452

IF: 3.9

2020-03-06

Sensors

Abstract:Anomaly detection systems can accurately identify malicious network traffic, providing network security. With the development of internet technology, network attacks are becoming more and more sourced and complicated, making it difficult for traditional anomaly detection systems to effectively analyze and identify abnormal traffic. At present, deep neural network (DNN) technology achieved great results in terms of anomaly detection, and it can achieve automatic detection. However, there still exists misclassified traffic in the prediction results of deep neural networks, resulting in redundant alarm information. This paper designs a two-level anomaly detection system based on deep neural network and association analysis. We made a comprehensive evaluation of experiments using DNNs and other neural networks based on publicly available datasets. Through the experiments, we chose DNN-4 as an important part of our system, which has high precision and accuracy in identifying malicious traffic. The Apriori algorithm can mine rules between various discretized features and normal labels, which can be used to filter the classified traffic and reduce the false positive rate. Finally, we designed an intrusion detection system based on DNN-4 and association rules. We conducted experiments on the public training set NSL-KDD, which is considered as a modified dataset for the KDDCup 1999. The results show that our detection system has great precision in malicious traffic detection, and it achieves the effect of reducing the number of false alarms.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zhihong Zhang

DOI: https://doi.org/10.1109/ICTEI60496.2023.00065

2023-09-11

Abstract:At present, most network intrusion detection is to analyze the data afterwards, that is, after the attack, it can react. This is not conducive to the timely detection of anomalies and the effective management of the network. Therefore, this paper designs a network traffic anomaly detection algorithm based on Deep CNN (Convective Neural Network). For the safety and reliability of data transmission and the reasonable allocation of network resources, it is necessary to detect the anomaly of network traffic. In view of the current Internet security requirements, simple and quick methods can quickly and effectively detect security incidents when they break out, thus gaining time for network defense. Finally, the detection accuracy of the algorithm proposed in this paper is compared with GA and ACA. The results show that the detection accuracy is the ratio between the number of abnormal traffic time series detected and the expected number of abnormal sequences. It can be seen that the accuracy of the three algorithms can reach $50 \%$, but the detection accuracy of the algorithm proposed in this paper is the highest, with an average accuracy of $94.13 \%$. The algorithm in this paper ensures a high detection speed while maintaining a certain detection accuracy.

Engineering,Computer Science