
SVM-based Network Traffic Anomaly Detection System

Posted on: 2011-11-12
Degree: Master
Type: Thesis
Country: China
Candidate: L Ye
GTID: 2208360308981014
Subject: Systems analysis and integration

Abstract/Summary:
With the continuous development of the Internet, network security has become a growing concern, and network traffic anomaly detection systems have gradually emerged as one of the means of protection following the firewall. Flow-based anomaly detection techniques include those based on domain values, statistics, wavelets, and Markov and other stochastic processes, as well as detection techniques based on machine learning, data mining, and neural networks. One major problem in networks is how to detect traffic anomalies in real time and accurately.

This thesis introduces SVM into the network traffic anomaly detection system and uses an improved SMO algorithm based on network traffic to further improve detection time and accuracy. Because of its excellent learning performance, the Support Vector Machine has attracted the attention of more and more people; its theoretical system has matured and a basic framework of various algorithms has gradually formed, offering a new idea for exploring network traffic anomaly detection in the twenty-first century.

This thesis studies how to build a network traffic anomaly detection system with the Support Vector Machine as its core module. It first introduces the key technologies of SVM classification, compares and analyzes the current classical SVM algorithms, and presents the WC-adaptive SMO SVM classification learning algorithm. The training model generated by this algorithm serves as the basis for discrimination, and the category of each test sample is predicted using the idea of weighted combination to determine whether an anomaly exists.

The main contributions of this thesis include: (1) an adaptive learning method is introduced into the Support Vector Machine training algorithm to speed up training on data samples and detection, and on this basis to improve detection accuracy; (2) an improved network traffic anomaly detection system is proposed based on the CIDF model, and the role and functions of each module in the system are given, with SVM traffic anomaly detection as the core module playing the major role; (3) to further improve the performance of the Support Vector Machine, the various kernel functions in current use were compared during verification, and through various attempts the kernel function method for the network traffic anomaly detection system was finally established.
Keywords/Search Tags: Network Traffic Anomaly Detection, Weighted Classification, Adaptive Learning Method