Research On Abnormal Network Traffic Detection Based On Improved Fuzzy Clustering

Nowadays Internet technology brings convenience,but also brings a series of problems such as ransomware fraud,data leakage,and hacker attacks.In response to these problems,abnormal network traffic detection can detect abnormality in time and provide early warning.While existing supervised learning and semi-supervised learning network abnormal traffic detection technologies need to acquire data labels at a high cost,and cannot identify unknown attacks,while unsupervised methods are sensitive to the influence of noise,and the detection effect varies greatly with different application scenarios.Therefore,this thesis introduces fuzzy theory and combines it with unsupervised methods to improve the accuracy of network abnormal traffic detection and enhance its robustness.It provides a new idea for the field of unsupervised learning abnormal traffic detection,that is,using fuzzy theory to improve the accuracy from the characteristics of the data itself.The main research contents are as follows:(1)The traditional unsupervised method K-means is sensitive to outliers and noise points,which leads to the low accuracy of network abnormal traffic detection.Aiming at this problem,this thesis proposes a network abnormal traffic detection model based on K-means and fuzzy theory active learning method(ALM).The model first starts from the traffic characteristics,and uses variance,Pearson coefficient and LightGBM to extract features to obtain a concise but effective feature set.Then,the fuzzy theory ALM is introduced.The characteristics of the data itself,such as the distribution,density and shape,are taken into account into the model,to fuzzify the classification results of the traditional method K-means.Finally,a new detection result is obtained after defuzzification.This thesis selects the CICDDoS2019 dataset for experimental analysis,and compares the model with the other six methods,which proves that the model has higher accuracy and better generalization effect.(2)To further verify the effectiveness and generalization ability of the proposed model,this thesis applies it to an actual social network.In the detection of abnormal traffic in social networks,the influence of different users is diverse,which will lead to inconsistent scope of influence after user accounts become abnormal.In view of this characteristic,this thesis proposes a social network abnormal traffic detection model that combines K-means and weighted active learning methods.Firstly,the model applies principal component analysis and other methods to process feature;Next,the weighted active learning method is used to carry out fuzzy modeling.Starting from the characteristics of social network users,by quantifying their influence,and the method is applied in the fuzzy step of the active learning method,which is used as a weight value,so as to closer to reality;Finally,defuzzification is performed to detect abnormal traffic.This thesis conducts experiments on the collected microblog data and compares it with the other six methods,showing that the model has better detection effect.