Anomaly Detection In Application Delivery Networks Based On Isolated Forest And Improved X-means

With the rapid development of technologies such as cloud computing and big data,the number of applications and the scale of network traffic data are growing,and more and more users are using Application Delivery Networking(ADN)technology to improve the availability and security of business applications.Network traffic anomaly detection,as an important functional module in ADN,can guarantee the security and stability of business applications.However,due to the explosive growth of data and the lack of sufficient labeled data,the current commonly used anomaly detection algorithms cannot be well integrated with ADN.Therefore,this paper proposes two unsupervised network traffic anomaly detection algorithms and constructs an ADN-based network traffic anomaly detection model for further improving the anomaly detection function of ADN.The main research work of this paper contains the following two aspects.First,the anomaly detection algorithm CFO-KM based on Central Force Optimization(CFO)and K-means is proposed.The algorithm improves the clustering center update of K-means algorithm by using the global optimization search capability of CFO algorithm,enhances the global search capability of K-means algorithm,and improves the performance of K-means algorithm in anomaly detection.Second,we propose CFO-XM-i Forest,an anomaly detection algorithm based on Isolation Forest(i Forest)and improved X-means.firstly,based on the CFO-KM algorithm proposed in the first stage,we optimize the X-means algorithm to further enhance the global search capability of the X-means algorithm.Then,for the problem of large data volume and insufficient data with labels,the i Forest algorithm is chosen to detect anomalies in network traffic data and calculate the standard Euclidean distance between the anomalies and the clustering centers corresponding to normal clusters based on the detection results.Finally,in order to reduce the impact of the anomaly ratio on the performance of the i Forest algorithm,the calculated standard Euclidean distance values are clustered by using the improved X-means algorithm to achieve further screening of the anomaly data.This paper also constructs an ADN-based network traffic anomaly detection model with the CFO-XM-i Forest algorithm as the core to ensure the high performance and high availability of the algorithm in the actual ADN-based network.In this paper,experiments on CFO-KM algorithm,K-means algorithm,CFO-XMi Forest algorithm and seven other mainstream anomaly detection algorithms are conducted on eight data sets.The experimental results show that the CFO-KM algorithm outperforms the traditional K-means algorithm in all metrics,the CFO-XM-i Forest algorithm has superior performance compared with all other algorithms including the CFO-KM algorithm,and can be better applied to ADN-based network traffic anomaly detection.