Authors: 方欲晓 何可人[1] FANG Yuxiao; HE Keren (Office of IT Services and Big Data, Changzhou University, Changzhou 213164, China)
Affiliation: [1] Office of IT Services and Big Data, Changzhou University, Changzhou 213164, Jiangsu, China
Source: 《现代电子技术》 (Modern Electronics Technique), 2024, No. 21, pp. 101-105, 5 pages in total
Funding: Jiangsu Province Modern Educational Technology Research, 2023 Smart Campus Special Key Project (2023-R-107305).
Abstract: Deep threat attacks span multiple network layers. Attackers may switch and disguise themselves between layers and also spread laterally within different layers, which makes threat detection more difficult. To keep communication networks secure and improve network security defense capabilities, deep detection of hidden threats in traffic segments must be achieved reliably. The paper therefore proposes a hidden threat detection model based on a deep graph convolutional neural network. Net-Flow technology is used to capture communication network traffic packets. The captured results are the input data for the hidden threat detection model, which generates a graph from that data and uses multiple graph convolutional layers to extract deep-level graph node features. The network model is trained offline on the resulting features. The trained detection model then performs online deep detection of hidden threats in network traffic segments and outputs the detection results. Test results show that the method accurately identifies hidden threats in traffic: the precision of hidden threat detection is above 0.956 in all cases, and the detection quality index is above 0.95 in all cases.
Keywords: communication network; traffic segmentation; hidden threat detection; traffic packets; deep neural network; graph convolution; graph node features; graph generation
Classification: TN711-34 [Electronics and Telecommunications: Circuits and Systems]; TP393 [Automation and Computer Technology: Computer Application Technology]