Research And Implementation Of Network Abnormal Behavior Detection Method Based On Deep Forest

With the rapid development of science and technology,the scale of the Internet continues to expand,and the number of Internet users is increasing.How to protect users' information security has always been a problem worthy of in-depth study in the field of network security.Network abnormal behavior detection can discover unknown attack behavior at an early stage,and can provide important technical support for network situational awareness.In recent years,it has received more and more attention.In an open network environment,the obtained network behavior data has the characteristics of low availability,high redundancy,and multi-source heterogeneity.In the context of the increasingly complex network environment,how to efficiently study and study the original network behavior data Using and improving the accuracy of detection is the key to network abnormal behavior detection.Therefore,this paper mainly studies the problem of abnormal detection of network behavior in the real-time network environment,and the main work is as follows:(1)In the real-time network environment,the characteristics of network behavior data are low quality,large scale,and multi-source heterogeneity.This article first preprocesses and formats the data.Its purpose is to store the network behavior data in a directly usable data format.,To facilitate subsequent operations and algorithm learning.The main steps of data preprocessing include data cutting,data cleaning,format conversion,data standardization and normalization.(2)Aiming at the problem of low accuracy of traditional network abnormal behavior detection,this paper proposes a network abnormal behavior detection model based on deep forest algorithm.The model uses the Deep Forest algorithm to scan the original data through multi-granularity scanning to improve the ability of representation learning.In this process,in order to find the hyperparameters that make the algorithm have the best performance,this paper uses K-fold cross-validation to adjust the model.excellent.Then it deeply analyzes each classifier of the deep forest algorithm,researches its performance characteristics,and finds the classifier combination with better overall performance through experiments.The experimental results show that the accuracy of the model on the collected real data and other data sets,regardless of the number and size of the training set,is above 99.8%;and the deep forest and traditional clustering algorithm are used to convolve the neural network and support Compared with the vector machine,it is found that the accuracy and overall performance of the deep forest algorithm model are better than other algorithms.(3)In response to the user's demand for network abnormal behavior detection in a real-time network environment,this paper designs and implements a network abnormal behavior detection system based on the deep forest algorithm.The system is divided into a data acquisition module,a data conversion module,a rule editing module,an anomaly detection module and a detection result visualization module.Among them,the data collection module uses Wireshark software to obtain the original network behavior data from the real network environment and store it;the data preprocessing module converts the obtained original data into the data format required by the algorithm;the rule editing module detects and obtains according to the rules entered by the user Whether the network behavior data contains abnormal behavior;the abnormal detection module uses the deep forest algorithm to monitor the user's network environment in real time.Once the abnormal behavior is detected,the system sends a warning message to the user;finally,the system provides a visual platform for the detection results and other Visual display of functional modules.