Research On Network Traffic Classification Based On Machine Learning

With the rapid development of the Internet and the increase in the number of users,the amount of network traffic continues to increase,and the Internet environment is becoming increasingly complex.To meet the needs of network management and network security,the importance of researching network traffic classification technology has become more and more prominent.However,traditional traffic classification methods can no longer adapt to the development trend of the modern Internet.With the vigorous development of the field of artificial intelligence,more and more researchers have begun to apply machine learning techniques to the research of network traffic classification methods.Although many studies have made valuable contributions to the field of network traf-fic classification,there are still certain problems.In a real network environment,it is very time-consuming and expensive to obtain a large number of correct data labels,and algo-rithms based on supervised learning rely on labeled training sets.Once the labeled data is insufficient or the samples are migrated,the classification performance will decrease.In addition,when faced with the challenging network traffic classification problem of in-trusion detection,misuse-based intrusion detection methods cannot detect new types of attacks,and anomaly-based intrusion detection methods have a high false detection rate.And many intrusion detection researches only classify traffic,but not classify specific at-tack types.In order to solve these network traffic classification problems,the main works of this article are as follows:(1)Aiming at the problem of insufficient labeled data or Covariate Shift in network traffic,this paper proposes a hierarchical classification algorithm based on FCM(HCA-FCM),and designs a two-layer classification mechanism that combines the basic classi-fication layer and the decision-making layer.The base classification layer builds base classifiers with the FCM algorithm,and improves the classification performance by inte-grating a series of weak base classifiers,and avoids the dependence of supervised learning on training data;the decision layer uses a small amount of labeled data to make the final decision,Which reduces the cost of model training while realizing fast and effective clas-sification.Experimental results show that this algorithm performs well on imbalanced data sets,especially in the classification effect of small classes.Moreover,this algorithm has the characteristics of modularization,free expansion,and fast retraining,which is suitable for processing this generation of traffic.(2)Aiming at the respective problems of misuse detection and anomaly detection,this paper proposes a network traffic intrusion detection framework based on HCA-FCM and update mechanism.This framework combines misuse-based and anomaly-based detec-tion ideas.First,this paper uses the misuse detection idea to detect known attacks,which uses the HCA-FCM algorithm to classify the attacks in detail.Then,combined with the Calinski-Harabasz coefficient,an update mechanism based on the idea of anomaly de-tection is proposed,so that this framework has the ability to detect unknown attacks.In addition,an improved cluster-based tag propagation algorithm is designed to automate tag propagation,saving data tag costs and assisting the system to update the learning of existing network traffic.Finally,by using the data set reflecting the current network envi-ronment trend to conduct simulation experiments,it proves that the framework proposed in this paper has higher credibility and accuracy than other studies.