
Research On Analysis Method For Anomaly Network Traffic Based On Statistical Learning Theory

Posted on: 2011-08-06
Degree: Master
Type: Thesis
Country: China
Candidate: J D Sun
Full Text: PDF
GTID: 2248330374450065
Subject: Detection Technology and Automation

Abstract/Summary:
As networks grow and the number of applications and services increases, the rapid development of the Internet brings great convenience, but it also makes security incidents of many kinds unavoidable and poses a great challenge to network management. Network traffic analysis is the key to determining whether a network is behaving normally, and it helps keep the network running well by finding abnormal traffic. Research on methods for analyzing anomalous network traffic is therefore important for network availability, reliability, and quality of service.

In this paper, we study anomalous network traffic analysis based on statistical learning theory, in light of the characteristics of network traffic data. First, the content and trends of current network research are discussed. We propose a method for classifying, identifying, and analyzing anomalous network traffic that is based on support vector machine theory. Compared with existing traffic analysis techniques, the support vector machine has the advantages of good generalization ability and high classification accuracy on small sample sets. It can overcome difficulties of the original approaches: handling high-dimensional data, the need for large traffic samples, and the high algorithmic complexity of network features. We explain the principle of support vector machine theory and discuss its applicability to abnormal traffic analysis. Second, we capture network traffic using sniffer technology and solve problems that arise during traffic collection, such as the heavy impact on network equipment and storage problems. Third, the principle of entropy as a flow characteristic is presented, together with the preprocessing method for feature vectors. Finally, the support vector machine is applied to classify P2P and general network traffic flows, and achieves a good result. By training the classifier with a cross-combination method, a reasonable kernel parameter is obtained, and the effect of parameter adjustment on the performance of the support vector machine is discussed.

Based on the above study, this paper designs an anomaly network traffic analysis system. The overall structure is modular, implementing network data processing, feature extraction, data training, classification, and other functions. It provides an important basis for decision making in network management.
Keywords/Search Tags:Statistical Learning Theory, Support Vector Machine, Anomaly Traffic, Peer-to-Peer, Entropy