
Research On Network Traffic Anomaly Detection Technology Based On Machine Learning

Posted on: 2023-06-22
Degree: Master
Type: Thesis
Country: China
Candidate: Z P Liu
GTID: 2568306836974029
Subject: Software engineering
Abstract/Summary:
In recent years, network attacks have become increasingly complex and diverse, and existing network attack detection methods face many challenges. Machine learning offers a way to improve the effectiveness of network attack detection, so research on machine-learning-based network anomaly detection is of great significance. Building on machine learning research, this thesis proposes two network traffic anomaly detection algorithms for two different scenarios, one using supervised learning and the other unsupervised learning. The main work and results are as follows:

(1) For scenarios in which a large amount of network traffic data can be collected and labeled, this thesis proposes a network traffic anomaly detection algorithm based on a classifier selection weighted voting ensemble learning (CS-WV ensemble learning) model. First, the model improves the difference measurement method and proposes a classifier selection algorithm built on the improved measure. The algorithm selects base classifiers suitable for ensemble learning from the candidate classifiers according to the prediction accuracy of each base classifier and the difference between base classifiers. Then the weighted voting algorithm is improved: the accuracy of each base classifier is used as its weight, the three base classifiers chosen by the classifier selection algorithm (logistic regression, K-nearest neighbors, decision tree) are combined by weighted voting, and the category with the highest score is the final result of the ensemble. The experimental results show that the accuracy, precision, recall and F1 score of the proposed CS-WV ensemble learning model are 98.87%, 98.69%, 93.54% and 96.05% respectively, and the AUC value is 0.97. Compared with other algorithms, it significantly improves the accuracy of anomaly detection and reduces the false positive rate.

(2) For scenarios with a large amount of unlabeled network traffic data, this thesis proposes an improved k-means network traffic anomaly detection model based on a genetic algorithm. First, the model improves the genetic algorithm: the selection step combines an elite retention strategy with secondary selection, and the crossover and mutation probabilities are modified so that they change adaptively according to the fitness value. Then the genetic algorithm is combined with the k-means algorithm, so that k-means can automatically determine the K value and the center of each cluster during iteration, without K having to be fixed before training. The clustering output is taken as the anomaly detection result. The experimental results show that the accuracy, precision, recall and F1 score of the proposed genetic-algorithm-based improved k-means model on the CIC-IDS-2017 data set are 93.522%, 95.438%, 97.548% and 96.481% respectively. Compared with other unsupervised algorithms, it significantly improves the accuracy of anomaly detection and reduces the false positive rate.
Keywords/Search Tags: Network Security, Abnormal Traffic Detection, Machine Learning, Ensemble Learning, K-means Clustering