Multi Feature Selection based Network Traffic Anomaly Detection Method (Open Access)
journal of physics
In this paper, a method is proposed to address the difficulty of training the model and the dynamic variability of the deployment environment. Firstly, the network traffic data is converted into numerical values and projected onto histograms of different dimensions to construct detection vectors. Based on the detection vectors, several kinds of classifiers are compared. SVDD, which can handle high-dimensional data and has strong generalization ability, is chosen for anomaly detection. Secondly, in order to improve the true positive rate of detection and reduce training time, the classifier is trained continuously while trying various combinations of features. Finally, a multi-step correlation detection algorithm is adopted to optimize the detection accuracy, and obviously abnormal samples are eliminated from the newly added samples, reducing the training cost and improving the classification accuracy. Experiments based on a large amount of real network traffic data demonstrate that the proposed method has higher accuracy and a lower false alarm rate, and can effectively reduce the training cost.
Subject(s): anomaly detection, artificial intelligence, classifier (uml), computer science, constant false alarm rate, data mining, feature selection, pattern recognition (psychology), support vector machine
SCImago Journal Rank: 0.21