The Deep Learning Modules for Cyberattack Identification in NetFlow Data Log with Ceph

摘要

In today's fast-moving information era, there is no doubt that the Internet has become an indispensable part of human life. However, in the world of the Internet, it also hides unusual network behavior. Find the hidden unusual network behavior can reduce the vulnerability in the network. This paper proposes a complete architecture to store and analyze the collected network log data. We process and integrate the network data collected by each router on the campus, and store the integrated data in the Ceph storage. Ceph distributed storage environment with open source, high performance, high reliability and scalability, and preliminary preprocessing of raw materials through Python, eliminating redundant fields and unit unification. The collated data set is divided into two parts analysis, and part of the abnormal analysis is part of attack identification. In the sub-analysis, we find the abnormal data period and total flow through the standard deviation of three standard deviations. Moreover, we use Keras to identify the real-time data obtained by a cyberattack, establish an automatic identification model through the recurrent neural network (RNN), an experiment and adjust various parameters without affecting the accuracy. Further, optimize the RNN automated identification model. The identification accuracy of the optimization model in attack identification is about 98%.