Computer Science ›› 2025, Vol. 52 ›› Issue (6A): 250200080-9. doi: 10.11896/jsjkx.250200080

• Information Security •

Network Attack Mitigation Framework Based on Normalized Processing and TrafficLLM

CHENG Kai, TANG Weidong, TAN Lintao, CHEN Jia, LI Xin   

  1. Central China Branch of State Grid Corporation of China, Wuhan 430077, China
  • Online: 2025-06-16 Published: 2025-06-12
  • About author: CHENG Kai, born in 1988. His main research interests include electric power network and information security.
  • Supported by:
    State Grid Corporation of China Company Science and Technology Project Research(SGHZ0000DKJS2400249).

Abstract: As power distribution and transformation network infrastructure continues to expand, the information and communication traffic data generated by various types of security secondary equipment, edge terminal nodes, and business systems differ significantly in format, protocol, and semantic characteristics. Existing mitigation frameworks have three main problems: they lack a data normalization processing algorithm for multi-source heterogeneous network anomaly traffic detection, their analysis of network attack behavior relies on rule engines based on manual feature extraction, and it is difficult to determine effective network attack mitigation measures. To address these pain points, a network attack mitigation framework based on normalized processing and TrafficLLM (NAMF-NPTLLM) is proposed. The framework has four stages: feature selection, normalization processing, model fine-tuning, and generation of attack mitigation plans. First, in the feature selection stage, an integrated voting mechanism combines the results of various feature selection methods to accurately extract the key features that have a significant impact on classification results. Second, the selected key features are normalized into a unified natural language token sequence expression, which provides standardized input to the TrafficLLM model for traffic anomaly analysis within the framework. Then, the TrafficLLM model is fine-tuned so that it can understand prompt template instructions and learn the traffic patterns of attack behaviors. Finally, the fine-tuned large model is used for inference to generate attack mitigation instructions, allowing the framework to dynamically adjust network attack mitigation strategies based on the characteristics of attack behaviors.

Key words: Attack behavior detection, Data parsing, Normalization process, Integrated learning models, Cyber attack mitigation, Parameter fine tuning

CLC Number: 

  • TP393.08