Research On Web Abnormal Traffic Detection Method Based On Data Mining Technology

Web abnormal traffic detection is an important research direction in the field of network security.Analyzing web abnormal traffic data can realize network security warning,which is of great significance in resisting unknown attack behaviors and maintaining the normal operation of network systems.At present,data mining technology is widely used in network abnormal traffic detection,but there is still room for improvement in the following three issues:(1)Network abnormal traffic detection requires high real-time performance,and the traditional machine learning method is difficult to deal with quickly.(2)The normal and abnormal data in web traffic data,which are seriously unbalanced,cannot be effectively processed by traditional machine learning methods.(3)Network traffic data has inherent high-dimensional characteristics and cannot be directly used by traditional machine learning methods.It is necessary to find suitable low-dimensional representations of data.Therefore,the abnormal traffic detection model based on traditional machine learning has disadvantages of low detection accuracy and high false alarm rate.Aiming at the above problems,this paper takes web abnormal traffic as the research object and uses public network security traffic data sets as simulation experimental data.The main research contents are listed as follows:(1)A dynamic web abnormal traffic detection model based on model update is proposed according to the requirements of real-time detection.After data preprocessing,supervised learning is firstly used for training classification,then semi-supervised learning is used to verify and correct the results,and finally the KNN algorithm is improved to achieve model iterative update so that the detection model can adapt to the dynamically changing network environment.Experimental results show that the model has improved detection rate by 0.38% and reduced false alarm rate by 0.21% compared with traditional detection methods.So the model has better adaptability.(2)A web abnormal traffic detection model based on data generation is proposed according to the problem of data imbalance.The traditional data generation method only performs linear interpolation in space and cannot accurately belong to the category of the generated sample.The paper converts the original traffic data into traffic graph,uses the pre-trained VGG19 model to judge the traffic graph generated in the WGAN network,and adds the false alarm rate to the loss of the generator to optimize the unbalanced data.Experimental results show that the detection rate of normal and abnormal traffic has reached 99.15% and 99.14% with the image processing method.So the model has good detection effect.(3)A web abnormal traffic detection model based on high-dimensional feature is proposed according to the high-dimensional and sparse characteristics of data.There are similar and irrelevant features in the data.This paper uses heuristic algorithm(GA)to search for the optimal feature subset to achieve effective feature selection,uses DVAE algorithm to compress each feature subset to achieve the effect of feature enhancement and dimensionality reduction and combines with OCSVM algorithm for abnormal detection.Experimental results show that the model has a great improvement in each evaluation index.(4)On the basis of the abovementioned researsh,this paper designs and implements a web abnormal traffic detection platform based on data mining technology.The system mainly includes data collection,data analysis,data extraction and abnormal detection modules.Besides,this paper verifies the feasibility of abovementioned models by simulating DDo S attacks.Experimental results show that this system has good practical detection value.