Research On Network Anomaly Detection Algorithm Based On Traffic Data

Posted on: 2017-03-29 | Degree: Master | Type: Thesis
Country: China | Candidate: J Dan | Full Text: PDF
GTID: 2278330503973327 | Subject: Computer system architecture
Abstract/Summary:
Since the Internet entered our lives, Internet technology has developed rapidly, ushering in the Internet society and the era of big data, which has not only made production more convenient but also greatly benefited people's daily lives. Yet while the Internet's evolution has brought convenience, an endless stream of network security problems has accompanied it, causing great harm to people's lives. Especially in the big data era, government and military agencies have called for network security to be promoted to the level of national strategy.

Network security has been studied for a long time, and all kinds of solutions to security problems have appeared as conditions change. Current research has achieved a great deal by building on previous studies, but problems remain: efficiency is low, the detection rate is relatively low, and huge volumes of data must be processed at high speed. Network anomaly detection therefore still needs further study.

This thesis aims to improve the efficiency of building the normal behavior model, raise the detection rate, and reduce the false positive rate. First, it reviews the development of network technology and the background of network anomaly detection, analyzes the problems existing in anomaly detection, and defines the overall principles for the study of network anomalies. Then, by analyzing network flow data, it extracts four characteristic data attribute indices according to the regularities of abnormal network data, reduces the amount of feature data by means of information entropy, and uses a modified binary K-means algorithm on the feature attribute indices to build the training set of normal behavior characteristics. Finally, test data are checked against the normal behavior training set: building on a study of the TCM-KNN algorithm, the thesis proposes the ATCM-KNN algorithm, which fuses in the modified binary K-means algorithm.

To verify the algorithm, the thesis uses the Lincoln Laboratory data sets and combines theory with simulation experiments. The results illustrate the effectiveness of the chosen data attributes and show that information entropy reduces the amount of feature data by a certain amount; that in building the normal behavior training set, the modified binary K-means algorithm is more efficient than the traditional clustering algorithm; and that in checking test data, the ATCM-KNN algorithm achieves a relatively better balance between detection rate and false alarm rate than the traditional detection algorithm.
Keywords/Search Tags:anomaly detection, network traffic data, entropy of information, binary K-means clustering algorithm, ATCM-KNN algorithm