Network Traffic Anomaly Detection Based On Learning Automata

As an effective proactive security countermeasure,network traffic anomaly detection can provide premise support for the detection of known and unknown network attacks.It is one of the important research projects in the field of information security.Along with the wide spread of the network and explosive growth of the data volume in cyberspace,network traffic data increasingly shows the characteristics of large traffic,high feature dimensions.And at the same time,the types of network attacks faced are also becoming increasingly diverse,and also more complex in attacking behaviors.In this context,in order to adapt to the requirements of new environment for network development,people have been constantly pursuing the performance improvement of network traffic anomaly detection technology.In terms of network traffic anomaly detection,the current mainstream method is to use feature optimization selection combined with classification to carry out traffic detection.However,in the aspect of feature selection or classification judgment,there is still room for further improvement of network traffic anomaly detection technology in either process mentioned above.In view of this,from the perspective of machine Learning and based on the theory of Learning Automata(LA),this paper further studies the network traffic anomaly detection technology with better performance based on Learning Automata,which have utilized the abilities of self-adaptive learning and searching for optimization in a random environment of Learning Automata.First of all,for performance improvement from the angle of feature selection,encountered with the latent redundancy in complex multidimensional network traffic features,on the basis of feature relevance analysis and the Collaborative LA model built,a Collaborative-LA-based feature optimization selection method is put forward.On this premise,further combined with Support Vector Machine(Support Vector Machine,SVM),an efficient network traffic anomaly detection technology has been formed.Experimental results show that this technique can lower the dimension and the complexity of feature in network traffic anomaly detection,thus effectively enhance the performance of network traffic anomaly detection.Secondly,considering the fact that the classifier utilized in classification of anomaly detection technology usually requires training in advance by samples,and training speed and precision of the large amount of data from overall network both have limitations,anomaly detection performance can be further improved by dividing the whole sample of network traffic into small traffic classes for training.Combine the above words,on the analysis of existing related clustering method based on the classification,with the fact in consideration that LA has good adaptive learning ability,a new LA-based sample data clustering method is put forward in this paper.This method will be one of the foundations of further research work.Experiments demonstrate that this method can perform the clustering task stably for the sample data with different complexity and different attributes,also with good universality.Finally,for performance improvement from the perspective of feature selection,considering anomaly detection methods of better precision and the analysis of classification decision method based on decision tree,from the perspective of simultaneously increasing performance of feature selection and classification,a multi-category hybrid network traffic anomaly detection method is presented in this paper,which combined with feature optimization selection,sample clustering and decision tree.Experimental results show that this method has higher detection accuracy than the anomaly detection method for the whole network traffic.