Research And Implementation Of Network Traffic Detection System Based On Multiple Random Projections And EM

With the rapid development of the Internet and the comprehensive popularization of network applications,the whole society has completely entered the Internet era.But at the same time,Cybersecurity is being threatened by various serious problems.Network worldwide is being frequently attacked,and massive network security problems occur from time to time,which seriously threatens the normal operation of the Internet and the security of important information.And the occurrence of network security accidents.In recent years,with the rapid development of network technology,all kinds of network applications have been developed and popularized in continuously.People all over the world have been enjoying the convenience brought by the Internet.However,the network is also facing major threats on the other hand.If the hidden danger of network security cannot be effectively prevented,information security and daily needs of network users worldwide cannot be effectively guaranteed.As an important component of network communication,network traffic can fully reflect the security problems and hidden dangers of the network.Therefore,in order to ensure the security and stability of the network environment,it is of great significance to detect the abnormal traffic accurately and efficiently.The main research object of this paper is abnormal traffic detection.After the research and comparison of the traditional abnormal traffic detection algorithm,an abnormal traffic detection model based on the combination of random projection and clustering algorithm is proposed based on the network traffic characteristics,in which the random projection is used to optimize the data dimensionality reduction required by the clustering algorithm,and the performance of the detection and calculation method is optimized based on the improved EM algorithm.Finally,based on the optimized anomaly detection model of the two methods,an anomaly detection system is designed to provide a strong guarantee for the network communication security.The main work of this paper is as follows:1.Through the investigation and analysis of the format and characteristics of network traffic,multi-dimensional features are extracted from the statistical attribute level of traffic packets for anomaly detection.Through the study of existing dimensionality reduction methods,the random projection method is used to preprocess and dimensionality reduction of the measured data,so as to optimize the detection ability of the algorithm.Finally,the experiment results show that the method can improve the accuracy of the detection algorithm.2.Through the research of abnormal traffic detection of clustering algorithm,aiming at the problem of poor detection efficiency when the existing algorithm is faced with large amount of data missing information,an improved expectation-maximization algorithm is proposed,which can improve the stability of detection and optimize the performance of detection model.By selecting the parameters and setting the experiment,we get the conclusion that the improved algorithm has higher accuracy,lower false alarm rate and better detection performance.3.Having designed and implemented the abnormal flow detection system,applying the improved detection method to the abnormal flow detection system,and realize the static detection based on blacklist test and model detection for the measured flow.At last,the performance and function of the system are tested by selecting parameters and setting experiments.Through the test of the system,it is verified that the detection scheme in this paper can effectively improve the detection rate of abnormal traffic,and provide the protection ability for the network environment.