
Research On The Method Of Traffic Anomaly Detection For Large-scale Network

Posted on: 2019-09-28
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X J Ma
Full Text: PDF
GTID: 1368330548456774
Subject: Computer system architecture

Abstract/Summary:
With the rapid development of computer networks, computer networks have become more and more important in daily activities. In particular, computer networks have become a part of critical infrastructure that has strategic implications for our society and economy. These developments result in highly dynamic network utilization, where traffic fluctuations and seemingly random and anomalous traffic patterns are often present and difficult to detect. In order to ensure the protection and recovery of the network, it is necessary to make better observation and analysis of the network traffic. As such, traffic anomaly detection is designed to detect and describe key anomalies that affect the network infrastructure, which can be malicious or unintentional, such as attacks, failures, misconfiguration, or legitimate but abnormal network usage, such as flash crowds. However, while there are a large number of algorithms and techniques for studying different factors of network traffic anomalies, most studies are usually focused on a particular aspect or method, with little research on the overall environment. This paper aims to analyze the current situation of network anomaly detection, and decomposes the traffic anomaly detection problem into four dimensions: processing cost, granularity of diagnosis, theoretical method and traffic features. Then, the research field of traffic anomaly detection is further analyzed, and the various components of the problem are discussed respectively. Combined with many kinds of statistical analysis, information theory and other technologies, a variety of traffic anomaly detection methods are put forward from different angles. The main contents of the study are as follows:

Firstly, it is difficult to eliminate the abnormal network communication generated by weak correlation data. Therefore, a detection method for abnormal weak correlation data in network communication based on feature analysis is proposed. The proposed method updates the basic detection principle of the traditional method and adds steps that set the feature types of abnormal weak correlation data using association rules, to obtain more distinguishing features between normal and abnormal data. The method tests abnormal flow data using the NetFlow system, unifies the data format, and extracts the features of abnormal weak correlation data in abnormal flows according to a coarse-grained representation. Information entropy is used to define the standard information entropy of abnormal weak correlation data. The weak correlation data is detected in fractal dimension for different time periods, and anomaly detection results are obtained. Experimental results show that the proposed method can effectively improve the adaptive ability of network communication.

Secondly, when using machine learning algorithms for traffic anomaly detection, the selection of feature subsets is very important. In the case of using a support vector machine (SVM) for traffic anomaly detection, the efficiency and performance of the SVM algorithm mainly depend on the kernel type and its parameters. To deal with this problem, when using an SVM for traffic anomaly detection it is necessary to consider both feature selection and parameter optimization. Therefore, the idea of combining a genetic algorithm with optimization is proposed, to optimize the SVM parameters at the same time as feature selection. However, when using a genetic algorithm to solve optimization problems, the user must specify some parameters. Because different genetic operators are suitable for different application fields, parameter adjustment is a difficult task. In this paper, a genetic algorithm scheme with random variation of genetic operators is proposed. The proposed method aims to mimic nature more closely. In this approach, non-uniform crossover and selection techniques are employed. Gender reproduction is also used, where the number of children born depends on the fertility rate. In addition, parents can adopt a new child. Age and age of death are also added, to balance between exploration and development of the search space. Using these methods, population diversity can be effectively maintained and the performance of genetic algorithms improved. Then, the improved adaptive genetic algorithm is combined with the support vector machine: the improved adaptive genetic algorithm is used to find the best subset of features adaptively and optimize the parameters of the SVM model at the same time, so as to improve the efficiency of the algorithm in abnormal flow detection. Experimental results show that the proposed method maximizes the accuracy of the SVM in detecting abnormal flow while minimizing the number of selected features.

Finally, k-means clustering has been widely studied and applied to the problem of traffic anomaly detection. Its performance is affected by the differing selection of random initial cluster centers and the effect of anomaly detection and classification. The idea of using the grasshopper optimization algorithm to optimize k-means clustering is proposed. The best solution of the grasshopper optimization algorithm is taken as the initial point of the k-means algorithm, which greatly improves the global search ability and local search ability of traffic anomaly detection. The experimental results show the effectiveness of the proposed algorithm.
Keywords/Search Tags: anomaly detection, traffic modeling, weak correlated data, adaptive genetic algorithm, feature selection