
Abnormal Traffic Detection System Based On Machine Learning

Posted on: 2014-02-26; Degree: Master; Type: Thesis
Country: China; Candidate: L Shen; Full Text: PDF
GTID: 2248330398971962; Subject: Information security
Abstract/Summary:
With the development of network technology, network security issues have become increasingly prominent, and anomaly detection in this field has been a focus for the majority of scientists. Researchers have applied self-similarity methods, data mining theory, statistical models and other approaches to this area. This paper studies network traffic anomaly detection in depth.

The support vector machine is an algorithm based on statistical learning theory that dates from the beginning of the 1990s. It is built on structural risk minimization and VC dimension theory, can handle a small sample of data, and has good generalization ability, so it is widely used in pattern recognition, regression estimation and other fields. This paper uses a support vector machine to detect abnormal network traffic.

This paper designs a network anomaly detection system based on the CIDF framework, with a support vector machine as the system's core component, the Event Analyzer. It analyses the feasibility of the design and the construction of the multi-class support vector machine, and describes the functions of the various components and the data interaction processes.

Anomalous traffic data has a high dimension. This paper uses a feature selection algorithm based on information entropy to extract the important features, remove redundant features and reduce the dimension. A comparison experiment verifies the correctness of the algorithm: the detection accuracy is almost the same, while training and testing time are reduced.

The choice of kernel function and parameters has always been the core problem of support vector machines. Through comparison experiments, this paper finds that the RBF kernel is better suited to detecting abnormal traffic, and it analyses the advantages of the RBF function. The paper also describes the basic properties of kernel functions and how to construct a kernel function.

On this basis, the distance term in the original RBF kernel is replaced by a weighted distance formula to construct a new kernel function. The improved RBF kernel takes into account that abnormal traffic data sets are heterogeneous: standardizing the differences between data values is more conducive to machine learning, and the contribution of each feature attribute to the classification is considered, with a fuzzy function used so that different features receive different weights. Theoretically, the improved RBF function is a reasonable solution for heterogeneous data sets and improves detection accuracy.
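The two ideas in the abstract (entropy-based feature selection and an RBF kernel with a standardized, weighted distance) can be sketched as follows. This is an added example, not code from the thesis: the sample flows, the function names, the equal-width binning and the use of normalized information gain in place of the thesis's fuzzy weighting function are all assumptions.

```python
import math
from collections import Counter

# Constructed sample flows: [duration_s, src_bytes, syn_error_rate, constant_flag]
ROWS = [[2.0, 300, 0.00, 1], [1.5, 450, 0.05, 1],
        [3.0, 280, 0.00, 1], [0.1, 520, 0.10, 1],
        [0.0, 0, 1.00, 1], [0.1, 0, 0.95, 1],
        [0.0, 10, 1.00, 1], [0.2, 480, 0.90, 1]]
LABELS = ["normal"] * 4 + ["attack"] * 4

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def info_gain(column, labels, bins=4):
    """Class entropy minus conditional entropy after equal-width binning."""
    lo, hi = min(column), max(column)
    span = (hi - lo) or 1.0          # constant column: everything in bin 0
    cells = {}
    for v, y in zip(column, labels):
        cells.setdefault(min(int((v - lo) / span * bins), bins - 1), []).append(y)
    cond = sum(len(g) / len(labels) * entropy(g) for g in cells.values())
    return entropy(labels) - cond

def fit(rows, labels, min_gain=0.01):
    """Per-feature weights and ranges; features under min_gain are dropped (weight 0)."""
    cols = list(zip(*rows))
    gains = [info_gain(c, labels) for c in cols]
    kept = [g if g >= min_gain else 0.0 for g in gains]
    if sum(kept) == 0:
        raise ValueError("no feature carries class information")
    # Assumption: normalized information gain stands in for the thesis's fuzzy weights.
    weights = [g / sum(kept) for g in kept]
    ranges = [(max(c) - min(c)) or 1.0 for c in cols]
    return weights, ranges

def sq_dist(x, y, weights, ranges):
    """Weighted squared distance over range-standardized feature differences."""
    return sum(w * ((a - b) / r) ** 2 for a, b, w, r in zip(x, y, weights, ranges))

def weighted_rbf(x, y, weights, ranges, gamma=1.0):
    return math.exp(-gamma * sq_dist(x, y, weights, ranges))

WEIGHTS, RANGES = fit(ROWS, LABELS)

if __name__ == "__main__":
    a, b, d = ROWS[0], ROWS[3], ROWS[7]   # normal, normal, attack
    print("weights:", [round(w, 3) for w in WEIGHTS])
    print("K(a,b), K(a,d):", weighted_rbf(a, b, WEIGHTS, RANGES),
          weighted_rbf(a, d, WEIGHTS, RANGES))
```

On this constructed data the raw squared distance, dominated by the byte count, places normal flow `a` closer to attack flow `d` than to normal flow `b`; the standardized, weighted distance reverses that ordering.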
Keywords/Search Tags: Support Vector Machine, Network Traffic Anomaly Detection, Kernel Function, Feature Selection