Computer Science ›› 2024, Vol. 51 ›› Issue (6A): 230700051-5. doi: 10.11896/jsjkx.230700051

• Information Security •

Study on Optimization of Abnormal Traffic Detection Model Based on Machine Learning

CHEN Xiangxiao, CUI Xin, DU Qin, TANG Haoyao

  1. College of Computer Science and Technology, Shandong University of Technology, Zibo, Shandong 255000, China
  • Published: 2024-06-06
  • Corresponding author: CUI Xin (cx@sdut.cn)
  • About author (651477787@qq.com): CHEN Xiangxiao, born in 1983, postgraduate. His main research interests include network security and so on.
    CUI Xin, born in 1972, Ph.D., professor. Her main research interests include next-generation internet technology, network security, network big data and wireless sensor networks.
  • Supported by:
    Next Generation Internet Technology Project (NGII2019110).

Abstract: In software defined networks (SDN), anomaly traffic detection methods have some problems in practice, chiefly a high false positive rate and frequent false alarms. In response to abnormal traffic attacks in the network, researchers have started to explore machine learning methods for abnormal traffic detection. However, machine learning methods face the challenges of large data sets and high data dimensionality, which affect their efficiency and accuracy, so the data must first undergo dimensionality reduction. Principal component analysis (PCA), as a dimensionality reduction algorithm based on linear transformation, has certain limitations and cannot effectively estimate the principal components. To solve this problem, this paper proposes an improved dimensionality reduction algorithm, namely C-means Gaussian kernel principal component analysis (CGKPCA), which extends the capability of non-linear transformation. This paper also improves on the classification model by proposing an improved stacking classification model, SVMS (support vector machine stacking). To validate the effectiveness of the proposed methods, experiments are conducted using the open source datasets KDDCUP99 and UNSW-NB15. The experimental results indicate that the binary classification detection model proposed in this paper is significantly ahead of other models in terms of performance metrics.

Key words: Software defined network, Machine learning, Stacking model, Abnormal traffic detection, C-means Gaussian kernel principal component analysis (CGKPCA)

CLC Number:

  • TP393