基于CWGAN-GP平衡化的网络恶意流量识别方法

在网络恶意流量识别任务中，存在恶意流量样本数量与正常流量样本比例不平衡问题，从而导致训练出的机器学习模型泛化能力差、识别准确率低。为此，在网络流量图片化的基础上提出一种利用具有梯度惩罚项的条件Wasserstein生成对抗网络(CWGAN-GP)对少量数据类进行平衡的分类方法。该方法首先借助网络流量图片化方法将原始流量PCAP数据按照流为单位进行切分、填充、映射到灰度图片中；然后使用CWGAN-GP方法实现数据集的平衡；最后，在公开数据集USTC-TFC2016和CICIDS2017上使用CNN模型对不平衡数据集和平衡后的数据集进行分类测试。实验结果表明，使用CWGAN-GP的平衡方法在精确度、召回率、F1这3个指标上均优于随机过采样、SMOTE、GAN以及WGAN平衡方法。

Network Malicious Traffic Identification Method Based on CWGAN-GP Category Balancing

In the network malicious traffic identification task, there is an imbalance between the ratio of the number of malicious traffic samples and the number of normal traffic samples, which leads to poor generalization ability and low recognition accuracy of the trained machine learning model. To solve this problem, this paper proposes a classification method that balances a small number of data classes by using the conditional Wasserstein generative adversarial network (CWGAN-GP) with gradient penalty items based on the visualization of network traffic. This method first uses the network traffic visualization method to segment, fill, and map the original traffic packet capture (PCAP) data into gray-scale images according to the flow as a unit, and then applies the CWGAN-GP method to achieve the balance of the dataset. Finally, in the public dataset USTC-TFC2016 and CICIDS2017, the convolutional neural network (CNN) model is used to classify and test the unbalanced dataset and the balanced dataset. The experimental results show that the balance method using CWGAN-GP is better than the random oversampling, SMOTE, GAN and WGAN balance methods in the three indicators of Precision, Recall, and F1.