Network Traffic Anomaly Detection Method Based On Combined Learning

Posted on: 2022-06-23
Degree: Master
Type: Thesis
Country: China
Candidate: Y Z Wang
GTID: 2518306536991809
Subject: Software engineering

Abstract/Summary:
Intrusion detection has always been a hot topic in network security, and abnormal network traffic detection is an important component of an intrusion detection system. This thesis addresses three problems: the high dimensionality of abnormal traffic data, outliers that easily cause the classification model to over-fit, and the neglect of the rich semantic structure contained in the text fields of abnormal traffic. The main research is as follows.

First, to solve the problem of excessively high network traffic dimensionality, a forward feature selection algorithm based on information gain rate is proposed. A greedy strategy reduces the difficult problem of selecting candidate feature subsets to calculating the information gain of each feature in the traffic record. This also improves the quality of the data.

Secondly, because outliers seriously affect the accuracy of the classification algorithm, an outlier detection method based on the combination of spatial clustering and nearest-neighbor density is proposed. The difference between outliers and normal sample points is analyzed comprehensively through K-means clustering and V-nearest-neighbor distribution density, in order to eliminate outliers and reduce their contribution to over-fitting of the support vector machine. Then, for the selection of classifier parameters, the GA-SVM classification algorithm is proposed. Through encoding, population initialization, calculation of the fitness of individuals in the population, selection, crossover, and mutation, the optimal combination of parameter values is obtained, further improving the accuracy of abnormal traffic classification.

Thirdly, because preprocessing that treats all non-numerical features alike ignores the implicit patterns in text data, a PSO-DT classification algorithm based on text data feature extraction is proposed. In the feature selection stage, the text data is flattened using the ratio of vowel letters, the number of unique letters and the Jaccard coefficient, and then filtered and divided into blocks to obtain the most distinguishable features. In the training stage, the particle swarm algorithm is used to optimize the parameters of the decision tree and obtain the optimal parameter values.

Finally, using machine learning libraries such as Scikit-learn in Python, the proposed algorithms are evaluated on the NSL-KDD dataset and the 360 netlab open dataset. The experimental results show that the combined-learning network abnormal traffic detection algorithm can effectively classify abnormal network traffic, and that the decision tree parameter optimization algorithm based on text features can efficiently classify DNS traffic.
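The feature selection step in the abstract, scoring each traffic feature by its information gain rate and keeping the best ones greedily, can be sketched as follows. This is an added example, not code from the thesis: it assumes "information gain rate" means the usual gain ratio (information gain divided by the feature's own entropy), and the `min_ratio` cut-off and the eight sample records are constructed for illustration, using NSL-KDD column names.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy, in bits, of a list of discrete values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def gain_ratio(rows, feature, label="label"):
    """Information gain of `feature` about `label`, divided by the feature's entropy."""
    groups = {}
    for r in rows:
        groups.setdefault(r[feature], []).append(r[label])
    n = len(rows)
    # Expected label entropy that remains once the feature value is known.
    conditional = sum(len(g) / n * entropy(g) for g in groups.values())
    split_info = entropy([r[feature] for r in rows])
    if split_info == 0:  # constant feature: it cannot separate anything
        return 0.0
    return (entropy([r[label] for r in rows]) - conditional) / split_info

def select_features(rows, features, min_ratio=0.1):
    """Greedy pass: rank features by gain ratio, keep those at or above the
    cut-off (min_ratio is an assumed threshold, not a value from the thesis)."""
    scored = sorted(((gain_ratio(rows, f), f) for f in features), reverse=True)
    return [f for score, f in scored if score >= min_ratio]

# Constructed sample records (not taken from NSL-KDD itself).
FIELDS = ("protocol_type", "service", "flag", "label")
ROWS = [dict(zip(FIELDS, t)) for t in [
    ("tcp", "http",    "SF", "normal"),
    ("tcp", "http",    "SF", "normal"),
    ("udp", "http",    "SF", "normal"),
    ("udp", "private", "SF", "normal"),
    ("tcp", "private", "S0", "anomaly"),
    ("tcp", "private", "S0", "anomaly"),
    ("udp", "private", "S0", "anomaly"),
    ("udp", "http",    "S0", "anomaly"),
]]

if __name__ == "__main__":
    for name in FIELDS[:-1]:
        print(f"{name:14s} gain ratio = {gain_ratio(ROWS, name):.4f}")
    print("selected:", select_features(ROWS, FIELDS[:-1]))
```

On this sample `flag` separates the classes perfectly, `service` is only partly informative, and `protocol_type` is independent of the label, so it is dropped before any classifier is trained.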
Keywords/Search Tags:intrusion detection, outlier detection, parameter optimization, network abnormal traffic detection