| The continuous popularization of Internet technology brings convenience to people as well as challenges.Due to the frequent occurrence of network security incidents,it is urgent to build an efficient traffic anomaly detection model and apply it to the network security field to solve network intrusion problems.The samples of network traffic data are not only diverse in variety and huge amount of data,but also suffer from data imbalance and high feature dimensions.In order to solve the above problems,the work of the paper is as follows.First of all,this paper adopts the Boderline-SMOTE minority data synthesis method to solve the problem of data imbalance in the network traffic data set.In the network traffic data,the number of various network attack categories is very different,and it is easy to cause over-fitting problems in the training process of the model.The Boderline-SMOTE method synthesizes the data of the minority at the boundary of the minority to realize the balance of the data.Secondly,this paper integrates Relief F algorithm and genetic algorithm(GA)algorithm,and proposes a dual feature selection method based on Relief F-GA to solve the problem of high feature dimension of network traffic data.In this method,Relief F algorithm is used to assign different weights to features according to the correlation of each feature and category.The features are sorted according to the weights,and the top K features in the ranking of weight values are selected as feature subsets.However,Relief F algorithm only considers the correlation between features and categories,but does not consider the redundancy between features.In order to solve the redundancy problem between features,a feature selection method based on genetic algorithm is used to screen out the optimal feature subset for each network behavior.Third,this paper proposes the network traffic anomaly detection model BRG-FLGBM,using the light GBM algorithm FL-light GBM optimized by the focus loss function(Focalloss)as a multi-classifier,so that the model BRG-FLGBM continuously adjusts the weight of the network traffic data during the training process,so that The model pays more attention to difficult samples during the training process.At the same time,the Bayesian optimization algorithm is used to automatically adjust the parameters of the light GBM model to improve the accuracy of the model.Finally,a network traffic anomaly detection simulation experiment was performed on the NSL-KDD data set,and the experimental results were compared with the existing network traffic anomaly detection model.The experimental results proved the efficiency of the proposed model in network traffic anomaly detection. |
PDF Full Text Request