
Algorithm And Application Of Network Traffic Anomaly Detection In Data Communication Network

Posted on: 2021-10-05
Degree: Master
Type: Thesis
Country: China
Candidate: X X Tang
Full Text: PDF
GTID: 2518306308967139
Subject: Computer technology
Abstract/Summary:
With the continuous development of network-related technologies, ensuring the security of data communication networks is becoming more and more challenging. In the face of increasing cyberattacks in recent years, how to detect them quickly has attracted growing attention from researchers. Traditional network traffic anomaly detection algorithms struggle, in terms of detection rate, real-time performance, and automation of model training, to cope with today's frequent and complex network attacks. This paper proposes an algorithm that fuses LightGBM with Bayesian optimization to address these three key points and, based on this algorithm, designs and implements a network traffic anomaly detection system for data communication networks.

The core idea of the LightGBM algorithm is to combine multiple weak classifiers into a final strong classifier. It is a collection of multiple fine-grained algorithms, and each sub-algorithm improves a particular aspect of performance in a targeted manner. The overall efficiency of the algorithm is therefore high, and its detection efficiency and real-time performance are good. In actual model training, however, the algorithm requires a high degree of manual involvement, and its actual performance is strongly affected by parameter selection, so a detection system based on it cannot train the classification model automatically and incrementally. To solve these problems, this paper combines the Bayesian optimization algorithm with LightGBM. Bayesian optimization's ability to automatically explore for the optimal hyperparameter combination reduces the manual involvement in model training and so achieves automatic model training. The network traffic anomaly detection system designed and implemented on the basis of this algorithm can continuously and incrementally train the classification model and improve the system's effectiveness in detecting traffic anomalies. Comparative experiments and simulations demonstrate that the algorithm proposed in this paper is superior to traditional traffic anomaly detection algorithms in terms of detection rate, real-time performance, and degree of automation.

The network traffic anomaly detection system designed and implemented in this paper consists of a basic service module, a data collection and analysis module, an anomaly analysis and alarm module, and a user management module. The basic service module mainly includes sub-modules such as data persistence, data caching, and logging. It is not the core of the business logic, but it is the basis for normal operation of the system. The data collection and analysis module mainly uses the libpcap function library and related network protocols to collect data packets on network nodes and to analyze and extract the core information of those packets. The anomaly analysis and alarm module analyzes the traffic data with the algorithm proposed in this paper and notifies the user of an anomaly by generating an alarm. The user management module defines user permissions and manages user behavior according to requirements. Tests show that the system in this paper can efficiently complete the task of traffic anomaly detection.
Keywords/Search Tags: traffic anomaly detection, LightGBM, Bayesian optimization, libpcap
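The abstract's data collection and analysis module extracts core packet information from libpcap captures before the classifier sees it. The added example below (not code from the thesis) sketches that step in Python on raw Ethernet frames as a capture would deliver them, skipping truncated and non-IPv4 frames. The extracted fields, the per-flow row layout, and the names `parse_frame`, `flow_rows` and `sample_frame` are assumptions, and the sample frames are constructed.

```python
import socket
import struct
from collections import defaultdict

def parse_frame(frame: bytes):
    """Return header fields of an Ethernet II / IPv4 / TCP-or-UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # 14 B Ethernet + 20 B IPv4 minimum
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes, options included
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return None
    total_len, = struct.unpack("!H", ip[2:4])
    proto, l4 = ip[9], ip[ihl:]
    if proto == 6 and len(l4) >= 20:      # TCP: flag byte sits at offset 13
        flags = l4[13]
    elif proto == 17 and len(l4) >= 8:    # UDP: ports only, no flags
        flags = 0
    else:
        return None                       # other protocol or truncated capture
    sport, dport = struct.unpack("!HH", l4[:4])
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "proto": proto, "sport": sport, "dport": dport,
            "ip_len": total_len, "syn_only": (flags & 0x12) == 0x02}

def flow_rows(frames):
    """Aggregate parsed packets into per-flow rows (assumed feature set)."""
    rows = defaultdict(lambda: {"packets": 0, "bytes": 0, "syn_only": 0})
    for frame in frames:
        p = parse_frame(frame)
        if p is None:
            continue                      # skip non-IPv4 and malformed frames
        row = rows[(p["src"], p["dst"], p["dport"], p["proto"])]
        row["packets"] += 1
        row["bytes"] += p["ip_len"]
        row["syn_only"] += p["syn_only"]  # SYN set, ACK clear
    return dict(rows)

def sample_frame(sport, flags):
    """Constructed frame: TCP segment from 192.0.2.10 to 198.51.100.7:443."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    tcp = struct.pack("!HHIIBBHHH", sport, 443, 0, 0, 0x50, flags, 65535, 0, 0)
    return eth + ip + tcp

# Constructed input: three SYN-only packets and one ACK to the same service.
SAMPLE = [sample_frame(40000 + i, 0x02) for i in range(3)] + [sample_frame(40003, 0x10)]
```

Rows like these are the kind of tabular input a gradient-boosted classifier such as LightGBM consumes; the thesis's actual feature set is not given in the abstract.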