Research On Network Traffic Anomaly Detection Method Based On Combination Learning

Posted on: 2020-12-02 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Chen | Full Text: PDF
GTID: 2428330599960344 | Subject: Software engineering
Abstract/Summary:
With the continuous development of the Internet, the network has penetrated into all aspects of life. While the network brings great convenience to people's lives, it also brings serious network security problems. Intrusion detection based on network traffic has always been a hot issue in network security. This paper applies combined learning methods to network traffic anomaly detection. It proposes a network traffic anomaly detection algorithm based on logistic regression and decision trees, and a distributed denial of service (DDoS) attack detection algorithm based on a genetic algorithm and gradient boosting trees. The main work of this paper is as follows. First, an analysis of the research status of network traffic anomaly detection shows that network traffic detection suffers from high-dimensional features; useless features increase the computational complexity and reduce the accuracy of traffic anomaly detection. Second, to address the high dimensionality of network traffic data, this paper proposes a feature selection method based on recursive feature elimination and logistic regression, which yields an importance ranking of the traffic features. A decision tree algorithm is then used to model and classify the network traffic, with accuracy as the evaluation indicator. Third, normal traffic and denial of service attacks are found to be difficult to distinguish when detecting network traffic anomalies; the security field is currently more concerned with distributed denial of service attacks, which are more harmful but work on the same principle as DoS. This paper therefore designs a detection algorithm for distributed denial of service attacks. In the first stage of the algorithm, a genetic algorithm and a decision tree extract the features of the distributed denial of service attack. The selected optimal feature subset is then input to the second stage, a distributed denial of service attack detection algorithm based on gradient boosting trees. Finally, experiments are conducted on the UNSW-NB15 dataset using the anomaly detection algorithm based on logistic regression and decision trees, and distributed denial of service attack detection is performed on the CICIDS dataset using the method based on the genetic algorithm and gradient boosting trees. The experiments verify the effectiveness of the proposed methods.
Keywords/Search Tags:network traffic, anomaly detection, combining learning method, feature selection, distributed denial of service attack
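
The first step described in the abstract, ranking traffic features by recursive feature elimination around a logistic regression, shown as an added example that is not code from the thesis. It assumes 16 constructed flow records, hypothetical feature names (`syn_rate`, `mean_pkt_len`, `dst_port_parity`), and elimination by smallest absolute weight on standardized features; the decision tree stage is not shown.

```python
import math

# Hypothetical feature names; the flows below are constructed, not UNSW-NB15 rows.
FEATURES = ["syn_rate", "mean_pkt_len", "dst_port_parity"]

def make_flows():
    """16 constructed flows: label 1 = anomalous, 0 = normal."""
    rows, labels = [], []
    for i in range(16):
        y, parity, k = i & 1, (i >> 1) & 1, i >> 2
        syn_rate = (900 if y else 30) + 10 * k   # separates the two classes
        big_pkts = y if k != 3 else 1 - y        # agrees with the label 75% of the time
        rows.append([syn_rate, 1200 if big_pkts else 400, parity])  # parity: pure noise
        labels.append(y)
    return rows, labels

def standardize(rows):
    """Z-score each column so weight magnitudes are comparable across features."""
    cols = list(zip(*rows))
    mu = [sum(c) / len(c) for c in cols]
    sd = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) for c, m in zip(cols, mu)]
    return [[(v - m) / s for v, m, s in zip(r, mu, sd)] for r in rows]

def fit_logreg(X, y, lr=0.5, epochs=200):
    """Batch gradient descent on the log-loss; returns (weights, bias)."""
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        err = [1 / (1 + math.exp(-(sum(wj * xj for wj, xj in zip(w, x)) + b))) - t
               for x, t in zip(X, y)]
        w = [wj - lr * sum(e * x[j] for e, x in zip(err, X)) / len(X)
             for j, wj in enumerate(w)]
        b -= lr * sum(err) / len(X)
    return w, b

def rfe_rank(rows, labels, names):
    """Recursive feature elimination: refit, drop the smallest |weight|, repeat."""
    X, active, dropped = standardize(rows), list(range(len(names))), []
    while len(active) > 1:
        w, _ = fit_logreg([[x[j] for j in active] for x in X], labels)
        weakest = min(range(len(active)), key=lambda p: abs(w[p]))
        dropped.append(active.pop(weakest))
    return [names[j] for j in active + dropped[::-1]]  # most important first

if __name__ == "__main__":
    rows, labels = make_flows()
    print(rfe_rank(rows, labels, FEATURES))
```

The model is refit after every elimination because the remaining weights shift once a correlated feature is removed, which is what distinguishes recursive elimination from a single pass over one model's weights.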