Research On Firewall Abnormal Traffic Identification Based On Bat Algorithm

With the rapid development of the Internet,the use of the Internet will continue to expand.Every day,hundreds of millions of people use the Internet,browse the web,shop online,pay online,send emails,and more.The Internet has brought security threats to people as well as convenience.Therefore,how to improve the security,reliability and usability of the network is an urgent problem to be solved.Accurate identification of abnormal traffic is a key issue for improving network security in network security.Support Vector Machine(SVM)has been widely used in the field of pattern recognition.However,in the concrete problems,the features of abnormal traffic,the selection of kernel function and its parameters will play a key role in the classification performance of SVM.Therefore,the main work of this paper is mainly on two aspects of the problem under the framework of a Linux firewall system based on SVM.Firstly,an improved binary bat algorithm is proposed to reduce the dimensionality of high-dimensional anomalous traffic in the data preprocessing module.Secondly,in the SVM recognition module,an improved bat algorithm is used to optimize the SVM kernel parameter and penalty parameter C to improve the recognition accuracy.In this paper,The concrete research work has the following aspects.(1)Linux firewall system framework based on SVM algorithm is proposed.The advantages and disadvantages of DPI and DFI anomaly traffic identification technology are analyzed.Therefore,the framework of Linux firewall system based on SVM is proposed.In this framework,the Netfilter framework is used to capture network packets,and abnormal traffic is recognized by the SVM identity module in user mode.Iptables rules are dynamically added to defend against network attacks.(2)Improved binary bat algorithm is used for abnormal traffic feature selection.Firstly,because the defects that the basic bat algorithm is easy to fall into the local optimum and the solution precision is not high,an improved new bat algorithm is proposed.Experimental results show that the improved new bat algorithm improves the performance of optimization compared with the basic bat algorithm and particle swarm optimization algorithm.Second,due to the large amount of data and the high number of dimensions in the abnormal traffic,this will result in a large amount of computation and a decrease in recognition rate.An abnormal traffic feature selection method based on improved binary bat algorithm is proposed,and the optimal feature subset is saved when the fitness function is optimal.(3)Anomaly Traffic Identification Based on Improved Bat Algorithm to Optimize Support Vector Machine Parameters.Because the selection of kernel function parameters and penalty parameters plays a key role in the classification performance of SVM,Support vector machine kernel function parameters and penalty parameters are optimized by the improved bat algorithm to improve abnormal traffic identification rate.In this paper,several standard UCI datasets and true abnormal traffic datasets are selected,and the improved bat algorithm,the basic bat algorithm and the PSO algorithm are compared respectively.The experimental results show that the improved new bat algorithm optimizes SVM parameters,making the SVM classification accuracy higher than basic bat algorithm and particle swarm optimization.