Research On Network Traffic Anomaly Detection Based On KNN Algorithm

With the rapid development and widespread application of Internet technologies,people's lives and work are increasingly dependent on the Internet.However,due to the diversification and complexity of network anomaly attacks,network devices are subject to various abnormal attacks.The network data flow anomaly detection technology is fast,accurate and comprehensive identification and protection before the network equipment is attacked,which has great practical significance for ensuring the security of the information system.The core idea of anomaly detection in network data flow is to classify normal data and anomaly data using anomaly detection algorithm.Aiming at the status of anomaly detection of network data flow,this paper summarizes in detail the anomaly detection of network data flow using text categorization method,systematically analyses the classical text categorization algorithm-KNN(K-Nearest Neighbor)algorithm,optimizes and improves its shortcomings,designs an anomaly detection system of network data flow,and proposes using KNN algorithm to detect network traffic in anomaly detection system.Types are classified and identified,and the experimental simulation is completed with MATLAB.The experimental results show that the improved algorithm can effectively identify the types of network attacks and improve the detection efficiency of network data flow anomalies.The main contents are as follows:(1)Improved KNN algorithm.The principle of network traffic anomaly detection based on KNN algorithm is analyzed systematically.The algorithm is improved and the improved KNN is optimized for the disadvantages of large computational complexity,slow classification speed and no optimization after clustering.The algorithm is used for anomaly detection.The simulation experiment scheme of KNN algorithm is designed to verify the correctness and effectiveness of the improved algorithm.The simulation results show that the improved algorithm has less computational complexity and higher accuracy than KNN algorithm.(2)The network traffic anomaly detection system is designed.The system uses Flume to collect data.The collected data is stored in Kafka.The Storm platform implements data analysis and processing,and completes the function and implementation of the system structure module.Taking the network anomaly attack DDOS as an example,the wireshark captures the packet,the information entropy calculates the purity of the collected data,and the network data flow anomaly detection based on the improved algorithm is implemented on the Storm platform.The network data flow anomaly detection method based on the improved KNN algorithm studied in this paper has been greatly improved in terms of false alarm rate,missed detection number and detection rate through simulation experiments and system simulation verification,and has certain research value.