
Research On Detection Method Of Anomaly Traffics Based On Entropy And Improved SVM

Posted on: 2013-07-09
Degree: Master
Type: Thesis
Country: China
Candidate: X L Kang
GTID: 2298330371970864
Subject: Computer Science and Technology
Abstract/Summary:
Network systems and information technology are developing rapidly around the world, and society and daily life now depend on them. Computers and networks bring great benefits, but they also confront us with all sorts of network security problems. Anomaly detection, as part of the network security protection system, has gradually become a research focus in the network security area. Analysis of anomalous network traffic is a key part of anomaly detection, and detecting anomalies accurately and in a timely manner is of vital significance for improving network availability and reliability.

First, the paper analyzes and reviews the existing methods for detecting anomalous network traffic; each method has its own characteristics and range of applicability. Network traffic data is large, multi-dimensional and fast, and abnormal attacks vary in their characteristics, so the ability of existing statistical analysis to handle this kind of data is limited. A simple and effective anomaly analysis method that detects abnormalities quickly and accurately is needed.

This paper proposes a detection method for anomalous traffic based on entropy and an improved SVM. It takes the flow link level as the test object and introduces entropy theory, extracting flow data according to flow feature attributes so that the entropy reflects changes in the flow characteristic values. The paper then presents the SVM method and explains its purpose and theory, and shows the importance of adding the KKT condition as the improvement.

Combining the two methods, the paper trains on a normal traffic set and an abnormal traffic set separately and uses them to detect network traffic anomalies. Results from many simulated attacks, compared against the unimproved SVM anomaly detection method, show that the new detection method based on entropy and improved SVM can effectively discover abnormal traffic and distinguish well between different kinds of abnormal traffic. The method is simple to operate, has a short processing time, and has a lower false negative rate and false alarm rate. To some extent, the method proposed in this paper improves the ability to detect and classify anomalous network traffic and provides a valuable reference for designing an actual distributed anomaly detection system.
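The entropy step described in the abstract can be illustrated as follows. This is an added example, not code from the thesis: the choice of attributes (source IP, destination IP, destination port), the 60-second window, the log2(n) normalization and the 0.3 threshold are all assumptions, and the SVM stage that would consume these vectors is not shown.

```python
import math
from collections import Counter, defaultdict

FIELDS = ("src_ip", "dst_ip", "dst_port")  # assumed feature attributes

def normalized_entropy(values):
    """Shannon entropy of the empirical distribution, scaled by log2(n) into [0, 1]."""
    n = len(values)
    if n <= 1:
        return 0.0  # a single flow has no distribution to measure
    counts = Counter(values)
    h = sum((c / n) * math.log2(n / c) for c in counts.values())
    return h / math.log2(n)

def window_vectors(flows, width):
    """Group flows into fixed-width time windows; return {window index: entropy vector}."""
    buckets = defaultdict(list)
    for ts, src, dst, port in flows:
        buckets[int(ts // width)].append((src, dst, port))
    return {
        w: tuple(round(normalized_entropy([r[i] for r in rows]), 3)
                 for i in range(len(FIELDS)))
        for w, rows in sorted(buckets.items())
    }

def changed_fields(baseline, vector, threshold=0.3):
    """Name each attribute whose entropy moved more than `threshold` from the baseline."""
    return {f: ("up" if v > b else "down")
            for f, b, v in zip(FIELDS, baseline, vector) if abs(v - b) > threshold}

# Constructed sample flows (timestamp_s, src_ip, dst_ip, dst_port), documentation ranges only.
FLOWS = (
    # window 0: ordinary mix of clients, servers and services
    [(i, f"192.0.2.{1 + i % 4}", f"198.51.100.{1 + i % 4}", (80, 443, 53, 25)[i % 4])
     for i in range(8)]
    # window 1: many sources converge on one host and port (flood-like)
    + [(60 + i, f"203.0.113.{i + 1}", "198.51.100.1", 80) for i in range(8)]
    # window 2: one source touches many ports on one host (scan-like)
    + [(120 + i, "203.0.113.9", "198.51.100.1", 1000 + i) for i in range(8)]
)

if __name__ == "__main__":
    vectors = window_vectors(FLOWS, width=60)
    for w, vec in vectors.items():
        print(w, vec, changed_fields(vectors[0], vec))
```

The two abnormal windows shift the entropy of different attributes in opposite directions, which is what lets a classifier trained on such vectors separate one kind of abnormal traffic from another.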
Keywords/Search Tags:Entropy, Improved SVM, Poisson sampling, Anomaly detection