Research On Network Traffic Anomaly Detection Method Based On Online Feedback

Posted on: 2024-04-27
Degree: Master
Type: Thesis
Country: China
Candidate: F Z He
GTID: 2568306944462524
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of the Internet, network attack activities are becoming increasingly frequent. Network attacks can seriously affect user experience and network availability, causing significant impacts on network operators and users. Network abnormal traffic refers to network traffic that adversely affects normal network usage. Rapid and efficient detection of abnormal traffic is important for network and security management personnel to investigate network anomalies, maintain normal network operations, and ensure network security. However, traditional machine learning-based network traffic anomaly detection techniques still have many limitations in high-speed and real-time network scenarios. Current network traffic anomaly detection methods rely on expert-designed feature sets. Due to the varied types of attacks, irrelevant features will inevitably be introduced, affecting detection accuracy. At the same time, existing network traffic anomaly detection algorithms can only guarantee high detection accuracy on static datasets and cannot maintain their detection effectiveness in changing network environments.

To address these issues, this study proposes a feedback-based online anomaly detection algorithm, which includes two parts: a self-supervised network traffic feature extraction algorithm and a feedback-based online isolation forest. The self-supervised network traffic feature extraction algorithm can extract representative network traffic representations without relying on expert-designed features. The feedback-based online isolation forest algorithm can use administrator feedback to continuously update the model parameters, allowing the detection system to continuously adapt to changing environments. This study proves that the proposed algorithm can theoretically converge to the optimal solution.

Based on the above method, this study implements a prototype system of the proposed algorithm and applies it to the SD-WAN network scenario. It fully utilizes the centralized management concept and edge device programmability of SD-WAN, reducing system management costs. At the same time, the system can also use administrator feedback to update the detection system parameters in real time, enabling the system to adapt to constantly changing network environments. The system is divided into two parts, the controller and the edge device, and can use administrator feedback to update the detection model in real time. Test results in real network environments show that the system proposed in this study can accurately detect abnormal traffic in the network and improve the recognition accuracy by about 60% compared to existing methods.
Keywords/Search Tags: network traffic anomaly detection, network feature extraction, online learning