Security issues of large-scale local area network are becoming more prominent and the anomaly detection for the network traffic is the key means to solve this problem. On the other hand, it is a challenge to extract effective and accurate traffic features for anomaly detection. In order to resolve this challenge, multi-types of network flow features are designed and analyzed in the present study. These features include sequence packet features, general statistical features and environmental features, which can profile the characteristics of network flows accurately. Moreover, a method based on the hybrid neural network is proposed to detect anomaly by analyzing these features. One-dimensional convolutional network is implemented to analyze the sequence features in the hybrid neural network, while deep neural networks are utilized to learn the characteristics of high-dimension feature vectors including general statistical features and environmental features. The method can make comprehensive analysis for network anomaly detection. Two datasets of ISCX-IDS-2012 and CIC-IDS-2017 are carried out to evaluate the performance of the proposed method and other similar algorithms. The present study shows that the comprehensive performances of the proposed method are better than that for others algorithms. It is concluded that the proposed method can be applied for the anomaly detection applications with reasonable performance.

Introduction

Access security of the Large-scale Local Area Network (LLAN) is currently a network security issue that needs urgent attention [1].With the advent and development of network systems, most military and government institutions have built large-scale local area networks to enhance the corresponding office convenience. Studies show that the LLAN is a widely adopted network organization mode. Meanwhile, important LLANs store a large amount of private and sensitive information so that they are frequently faced with malicious acts of malefactors [2]. Therefore, security issues of local area networks are of significant importance and they have become increasingly prominent. Network anomaly detection is the main means of maintaining the network security [3]. Based on specific characteristics of the network traffic, a wide variety of anomaly detection methods and models has been developed. Different assumptions, including the sequential characteristics of the network traffic [4], statistical characteristics of the traffic [5] and the overall environmental distribution of the traffic [6], are made in this regard. However, almost all of these models only analyze the network traffic from a single characteristic. In fact, these methods only analyze one of the traffic characteristics among the sequence, statistics and the environmental properties of the network. On the other hand, the network traffic has different characteristics from different perspectives so that it is impossible to fully describe the characteristics of the network traffic [7].