
Research On Abnormal Network Traffic Detection Methods Based On Machine Learning

Posted on: 2024-05-13
Degree: Master
Type: Thesis
Country: China
Candidate: S J Zhai
GTID: 2568307079971769
Subject: Electronic information
Abstract/Summary:
Network traffic is an important carrier of network information, and by detecting abnormalities in network traffic, attacks can be effectively identified to provide information support for subsequent defense. Nowadays, as applications and scenarios grow more complex, network traffic is characterized by large data scale and high feature dimensionality. To improve the accuracy of detection and reduce time overhead, feature selection of network traffic is a necessary task. Traditional feature selection methods require traversing feasible solutions or random search, which makes it difficult to guarantee both time overhead and quality of solution. Machine learning techniques are widely used in network traffic anomaly detection problems, but each classifier has its own characteristics, and detection models based on individual classifiers are prone to the problem of poor classification capability.

To solve these problems, this thesis proposes an improved feature selection algorithm based on the crow search algorithm (CSA), which uses heuristic search instead of random search to select the optimal subset of features. A traffic anomaly detection framework based on dynamic weight voting is also designed in this thesis; it utilizes the idea of ensemble learning and combines the results of multiple classifiers to form a classifier with better detection effect.

The feature selection algorithm proposed in this thesis is based on improved crow search (ICSA), which introduces the concept of population into CSA to better simulate the process of crow foraging. The algorithm searches the feature space with crows, where each position can be mapped to a subset of features by a transfer function, and the search process evaluates the performance of the features at the current position using the fitness function. The fitness is determined by the performance of classification models such as SVM and decision trees and by the number of features selected. This search algorithm balances the global and local search process by simulating the search of crows inside and outside the group. CSA easily falls into local optima; the proposed method overcomes this problem and improves the quality of feature subsets.

The anomaly detection framework based on dynamic weight voting proposed in this thesis combines several different classifiers, trains the classifiers with the dataset after feature selection and assigns them weights, adjusts the weight of each classifier by combining the dataset obtained by Borderline SMOTE sampling of Tomek Links, and finally combines the outputs of the classifiers according to their different weights. Experimental results of the anomalous traffic detection framework with Improved Crow Search-Dynamic Weight Voting (ICSA-DWV) on the UNSW-NB15 and CIC-IDS2017 datasets show that the proposed feature selection (FS) method effectively reduces the feature dimensionality and the time overhead of detection, and that the ensemble classifier classifies better than a single classifier, which effectively improves the detection accuracy.
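The position-to-subset mapping and fitness evaluation described in the abstract, as an added sketch that is not code from the thesis. The sigmoid transfer function, the weighted-sum fitness with `alpha`, the nearest-centroid classifier (standing in for SVM or decision trees) and the constructed flow data are all assumptions.

```python
import math
import random

def transfer(position, threshold=0.5):
    """Map a continuous crow position to a feature mask via a sigmoid (assumed transfer function)."""
    return [1 / (1 + math.exp(-x)) > threshold for x in position]

def centroid_error(rows, labels, mask):
    """Hold-out error rate of a nearest-centroid classifier restricted to the masked features."""
    cols = [i for i, keep in enumerate(mask) if keep]
    if not cols:
        return 1.0  # empty subset: nothing to classify on, so score it as the worst case
    half = len(rows) // 2  # first half trains the centroids, second half is held out
    cents = {}
    for cls in set(labels[:half]):
        pts = [rows[i] for i in range(half) if labels[i] == cls]
        cents[cls] = [sum(p[c] for p in pts) / len(pts) for c in cols]
    wrong = 0
    for row, y in zip(rows[half:], labels[half:]):
        pred = min(cents, key=lambda k: sum((row[c] - m) ** 2 for c, m in zip(cols, cents[k])))
        wrong += pred != y
    return wrong / (len(rows) - half)

def fitness(position, rows, labels, alpha=0.9):
    """Lower is better: weighted sum of error and fraction of features kept (assumed form)."""
    mask = transfer(position)
    return alpha * centroid_error(rows, labels, mask) + (1 - alpha) * sum(mask) / len(mask)

def make_flows(n=200, seed=7):
    """Constructed data: features 0-1 separate benign (0) from anomalous (1); features 2-5 are noise."""
    rng = random.Random(seed)
    rows, labels = [], []
    for i in range(n):
        y = i % 2
        rows.append([rng.gauss(3 * y, 1), rng.gauss(-3 * y, 1)] + [rng.gauss(0, 5) for _ in range(4)])
        labels.append(y)
    return rows, labels

ROWS, LABELS = make_flows()
# Three candidate crow positions (constructed): sigmoid(4) > 0.5 keeps a feature, sigmoid(-4) drops it.
INFORMATIVE = [4, 4, -4, -4, -4, -4]
EVERYTHING = [4, 4, 4, 4, 4, 4]
NOISE_ONLY = [-4, -4, 4, 4, 4, 4]
```

A search loop would move positions toward lower `fitness`; here the small informative subset scores better than keeping every feature, which is the trade-off the fitness function is meant to reward.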
Keywords/Search Tags: network traffic anomaly detection, feature selection, improved crow search algorithm, ensemble learning