关键词: 异常流量检测, 注意力机制, 数据不平衡, 轻量级网络, 通道空间注意力

Abstract: Network abnormal traffic detection is an important part of network security protection. At present, abnormal traffic detection methods based on deep learning treat the port number attribute the same as other traffic attributes, ignoring the importance of the port number. Considering the idea of attention, a novel abnormal traffic detection module based on Convolutional Neural Network (CNN) combining Port Attention Module (PAM) and Convolutional Block Attention Module (CBAM) was proposed to improve the performance of anomalous traffic detection. Firstly, the original network traffic was taken as the input of PAM, and the port number attribute was separated and sent to the full connection layer, and the learned port attention weight value was obtained, and the traffic data after port attention was output by multiplying with other traffic attribute points. Then, the traffic data was converted into grayscale map, and the CNN and CBAM were used to extract the information of the feature map on the channel and space more fully. Finally, the focus loss function was used to solve the problem of data imbalance. The proposed PAM has the advantages of small number of parameters, plug and play, and universal application. The accuracy rate of the model in this paper is 99.18% for the anomalous traffic detection dichotomous task and 99.07% for the multi-classification task on the CICIDS2017 dataset, and it also has a high recognition rate for classes with only a few training samples.

Key words: abnormal traffic detection, attention mechanism, data imbalance, lightweight network, Convolutional Block Attention Module (CBAM)