Task-Oriented Network Abnormal Behavior Detection Method

Since network systems have become increasingly large and complex, the limitations of traditional abnormal packet detection have gradually emerged. The existing detection methods mainly rely on the recognition of packet features, which lack the association of specific applications and result in hysteresis and inaccurate judgement. In this paper, a task-oriented abnormal packet behavior detection method is proposed, which creatively collects action identifications during the execution of network tasks and inserts security labels into communication packets. Specifically, this paper defines the network tasks as a collection of state and action sequences to achieve the fine-grained division of the execution of network tasks, performs Hash value matching based on random communication string and action identification sequence for packet authentication, and proposes a mechanism of action identification sequence matching and abnormal behavior decision-making based on a finite state machine, according to the fine-grained monitoring of task execution action sequence. Furthermore, to verify the validity of the anomaly detection method proposed in this paper, a prototype based on the FTP communication platform is constructed, on which the simulation experiments, including the DDOS attack and backdoor attack, are conducted. The experimental results show that the proposed task-oriented abnormal behavior detection method can effectively intercept network malicious data packets and realize the active security defense for network systems.