Open AccessMulti Feature Selection based Network Traffic Anomaly Detection Method
Author(s) -
Rui Wang,
Jiabin Fang,
Zhiye Yang,
Haiwei Li
Publication year - 2019
Publication title -
journal of physics. conference series
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.21
H-Index - 85
eISSN - 1742-6596
pISSN - 1742-6588
DOI - 10.1088/1742-6596/1288/1/012003
Subject(s) - computer science , anomaly detection , support vector machine , artificial intelligence , constant false alarm rate , feature selection , pattern recognition (psychology) , data mining , classifier (uml) , software deployment , operating system
In this paper, a method is proposed to solve the difficult problem of the training model and the dynamic variability of the deployment environment. Firstly, the network traffic data is converted into numerical value and projected onto histograms of different dimensions to construct detection vectors. Based on the detection vector, some kinds of classifiers are compared. SVDD, which can handle high-dimensional data and has strong generalization ability, is chosen for anomaly detection. Secondly, in order to improve the true positive rate of detection and reduce training time, the classifier is trained continuously and trying various different combinations of features. Finally, a multi-step correlation detection algorithm is adopted to optimize the detection accuracy, and obvious abnormal samples are eliminated from the newly added samples, reducing the training cost and improving the classification accuracy. Through experiments based on a large amount of real network traffic data, the result demonstrate that the proposed method has higher accuracy and lower false alarm rate, and can effectively reduce the training cost.