Summary of network traffic anomaly detection

Summary

As network attacks grow more complex, automated and intelligent, new attack types keep emerging. These previously unseen attacks pose great challenges to signature-based network attack detection and response. Network traffic anomaly detection analyzes network traffic to find traffic that differs significantly from normal traffic. Because it does not rely on static signatures, it is regarded as an effective means of detecting unknown new attacks. Researchers have proposed many solutions for detecting abnormal network traffic, including solutions based on statistical learning methods, solutions based on unsupervised machine learning, and solutions based on supervised machine learning. These solutions are systematically reviewed here in terms of traffic characteristics, feature engineering, detection models, and application scenarios.

Table of contents:

1 Network traffic data collection

1.1 Basic characteristics of connections

1.2 Content characteristics of connections

1.3 Traffic statistical characteristics

1.4 Raw payload

2 Detection model

2.1 Statistical model

2.1.1 Simple statistical model

2.1.2 Model based on covariance matrix

2.1.3 Hidden Markov-based model

2.2 Supervised classification model

2.3 Unsupervised model

2.3.1 Model based on clustering algorithm

2.3.2 Model based on isolation forest

2.3.3 Model based on autoencoder

2.3.4 LSTM-based model

3 Future research directions and challenges

4 Conclusion

The rapid development of network technology and the great convenience it brings have made it widely used in daily production and life. It has also been followed by a large number of attacks targeting hosts and network infrastructure. According to a security report released by Check Point Software in 2021, global cyber attacks against enterprises have increased by 29%. Among them, US enterprises suffered an average of 443 attacks per week, and the Asia-Pacific region suffered an average of 1,338 attacks per week. Among these frequent attacks, many employ new

Origin blog.csdn.net/weixin_70923796/article/details/132437312