| Today, the number of Internet users is continuously increasing with new networkapplications. People’s work and daily life increasingly rely on the Internet. But, at the same time,network security attacks have emerged endlessly which have the characteristics of stealthinessand frequent update. Many security vulnerabilities are exposed and exploited by attackers. Inorder to guarantee for the healthy development of the Internet, it is necessary to enhanceanomaly traffic detection. Now, many researchers focus on the detection methods using machinelearning technologies.This thesis mainly studies the remote control malwares which can disclose users’ privacyand steal sensitive information, such as accounts and passwords. In this thesis, we analyze theinteractive communication features of the anomaly traffic, and then present the selected featureset. We also in-depth study knowledge of the machine learning algorithms and feature selectionalgorithms. This thesis analyzes the shortcomings of the traditional anomaly traffic detectionmethods. After that, we propose a two-level abnormal network traffic detection system usingmachine learning algorithm. The detection process can be divided into two steps. In the first step,the system filters out the most normal flows by computing the similarity value to reduceprocessing overhead in the system. In the second step, the remaining network traffic will beidentified by the classifier. We evaluate the performance which includes accuracy and speed ofthe system by using Weka, a kind of machine learning software. The experimental results showthat the system has good performance in terms of accuracy and speed. |
PDF Full Text Request