Improved SVM For Recognition And Classification Based On Malicious Traffic

Malicious traffic detection as a proactive defense technology can make up for the limitations of traditional security technology.As a common machine learning algorithm for malicious traffic detection,support vector machine(SVM)has great influence on the classification results.The gravity search algorithm is a new type of intelligent search algorithm,which has excellent performance and rich theoretical basis.However,when the traditional gravity search algorithm is used to search for optimal results,the problem of local optimization often occurs.To improve the effect of malicious traffic detection,not only can the performance of the classifier be improved,but feature selection is also an important part of malicious traffic detection.The existence of redundant features will not only reduce the performance of the classification model,but also greatly increase the classification time of the model.Therefore,how to effectively select features has become a hot research topic.Based on these problems,this thesis has done the following work:1.This thesis improves the gravitational search algorithm,mainly aiming at the shortcomings of the gravitational constant rapid decline in the algorithm and the particle's non-group learning ability that are easy to cause local optimization.The optimization ability of the algorithm is improved by introducing Sigmoid function and particle swarm algorithm ideas.Then the benchmark function is used to test the traditional algorithm and related algorithms.The results prove that the improved algorithm in this thesis not only has good optimization ability but also has the ability to jump out of local optimization.Finally,the algorithm in this thesis is used to optimize the relevant parameters in the support vector machine to construct a classifier,and the NSL-KDD data set is used to detect malicious traffic.The final experimental results show that after optimization,the classification accuracy is effectively improved by 8.3%,compared with the comparison algorithm Increased by 3.6%,which proves the effectiveness of the algorithm in this thesis.2.In this thesis,the decision tree and recursive feature elimination are combined to build the encapsulation feature selection.At the same time,the filter feature selection algorithm is used to improve the efficiency and build the hybrid feature selection model.The optimal feature subset is obtained by feature selection for the data set composed of normal traffic and four attack types.Then,the decision tree classifier and random forest classifier are used to build the prediction model,and the two models are compared with the prediction results without feature selection.The experimental results show that after using the feature selection algorithm in this thesis,the classification time of decision tree algorithm is reduced by 11.6s,which is 21.9% of the original time.With the addition of filter feature selection algorithm,the time of feature selection process is reduced to 70.5% of the original time,and each index is slightly improved.Finally,the results of this algorithm are compared with the relevant literature.The results show that this algorithm is reasonable and provides a new idea for the research of malicious traffic detection.