关键词: 恶意流量检测, 深度学习, 多模型并行融合, 卷积神经网络, 双向长短期记忆网络

Abstract:

A malicious traffic detection method based on a multi-model parallel fusion network was proposed to address the issue of incomplete reflection of original traffic information and poor accuracy in identifying malicious traffic when using a single sequential deep learning detection model. The parallel approach was used to combine one-Dimensional Convolutional Neural Network （1D-CNN） and Bi-directional Long Short-Term Memory （Bi-LSTM） network for feature extraction and traffic recognition. Each branch directly facing to the original traffic， both spatial and temporal features were extracted. A common fully connected layer was used for feature fusion， which could more accurately reflect the original traffic information and effectively improved the accuracy of malicious traffic identification. Experimental results on the open-source NSL-KDD dataset demonstrate the superior performance of the proposed method in terms of feature extraction capability， robustness， and online learning ability for malicious traffic detection.

Key words: malicious traffic detection, deep learning, multi-model parallel fusion, Convolutional Neural Network (CNN), Bi-directional Long Short-Term Memory (Bi-LSTM) network