Network Abnormal Traffic Detection Method Based On Multi-class Support Vector Machine

Network abnormal traffic detection method is an important means to ensure network information security.Accurate and rapid detection of specific abnormal traffic types is essential for maintaining network security.SVM has become a commonly used tool in anomaly detection.However,SVM is mostly used to solve two types of classification problems and cannot identify the specific attack types of abnormal traffic.How to effectively extend it to multi-class classification and use SVM to detect abnormal traffic is an important research problem.Therefore,in view of the above problems,the main research work of this article is as follows.First,this paper specifically analyzes the network traffic generation process and its collection method,and carries out data preprocessing.On this basis,a Filter-Wrapper hybrid feature selection algorithm MIREF is proposed.First,the mutual information algorithm is used to calculate the mutual information coefficient of each feature,and the features that contribute to the classification are screened out.Then,a recursive feature selection algorithm based on random forest is used on the newly generated feature subset,and the features are screened twice,and a combination feature subset with strong discriminative power is selected.Secondly,this article improves the multi-layer classification model based on SVM.Find the center point of each category,calculate the similarity between different center points,and judge the difference of different categories,prioritize the classification of the distinguished categories,and determine the optimal classification order of each category in the multi-layer classification model.Third,based on the improved multi-class support vector machine,this paper constructs a suitable detection model for traffic anomaly detection,and proposes a network traffic anomaly detection algorithm to identify different types of abnormal traffic.This method can improve the classification accuracy of rare classes and provide a unified solution for different detection tasks.Finally,based on the NSL-KDD and UNSW-NB15 datasets,Check the influence of feature selection on detection accuracy and the classification performance of abnormal traffic detection model.At the same time,the method in this paper is compared with other classical methods,and the results are analyzed.