Research On Network Anomaly Behavior Detection Technology Based On Rough Set And Classification Algorithm

Posted on: 2017-04-27
Degree: Master
Type: Thesis
Country: China
Candidate: G H Qiu
GTID: 2358330512452185
Subject: Computer application technology
Abstract/Summary:
Network applications keep multiplying, and they are accompanied by a variety of network attacks. Research on network anomaly detection based on data mining has achieved some results, but because attacks are diverse and complex, these studies still leave room for improvement in detection efficiency and quality. Continued research on network anomaly behavior detection technology is therefore of great significance. To address the problems of efficiency and quality, this paper studies a network anomaly behavior detection technology based on rough sets and classification algorithms.

First, this paper analyzes, from the theory of rough set reduction algorithms, the feasibility of reducing the dimensionality of network traffic data. Because dimension reduction takes more and more time as the flow data grows, this paper proposes an incremental rough set reduction algorithm based on equivalence classes. The method makes the most of what is already available, together with the related equivalence classes, to obtain the incremental reduction for the new flow data. Experiments show that incremental reduction based on equivalence classes can shorten the reduction time and reduce the computing resources required. The gain in reduction efficiency grows noticeably as the amount of data increases.

Second, this paper discusses the advantages and disadvantages of the network anomaly detection model based on the K nearest neighbor algorithm, and proposes an improved model based on the K-dimensional tree. The model partitions the network traffic training data at a certain level so that the K nearest neighbors can be found quickly, which achieves fast detection. The experimental results show that the improved model based on the K-dimensional tree can improve the efficiency of network anomaly behavior detection while keeping the detection rate unchanged.

Then this paper designs and implements a service-oriented prototype system for network anomaly behavior detection. Following the principle of flexible combination of services, the system splits every aspect of network anomaly behavior detection technology into atomic services. On this basis, data dimension reduction services are added to the system.

Finally, this paper carries out a regression verification based on the services provided by the system. Verification of the basic algorithms shows that every single classification model based on rough sets can improve model training efficiency and detection efficiency. Validation of the combined model shows that a detection model built from a combination of multiple single classification models has a higher detection rate and a lower false alarm rate, which improves the detection quality of the network anomaly detection system.
Keywords/Search Tags: rough set, classification algorithm, data mining, network anomaly detection