基于改进极端随机树的异常网络流量分类

Abnormal Network Traffic Classification Based on Improved Extremely Random Tree

为更有效地识别网络流量中少量的异常流量样本,提出一种基于改进极端随机树的异常流量分类方法。计算数据中每个特征的信息增益率,获得较低维度的特征集。在此基础上,使用随机训练方法训练分类模型,对一部分基分类器使用全部样本进行训练,对另一部分则使用经过重采样的数据进行训练,并使用加权统计的方法修改其最后的投票规则。实验结果表明,该方法在NSL-KDD数据集上可达到0. 995 6的精确率,与ET和RF集成分类算法相比,其在数据样本较少的类别上分类效果更好。

In order to identify a small number of abnormal traffic samples in network traffic more effectively,an abnormal traffic classification method based on improved extremely random trees is proposed in this paper.The information gain rate of each feature in the data is calculated and the feature set of lower dimensions is obtained.On this basis,the classification model is trained with the use of random training method.For parts of the base classifiers,all training samples are used,and for the others,they are trained with the resampling data.At the same time,the weighted statistical method is used to modify the final voting rules for those base classifiers using the resampling data.Experimental results show that the proposed method can achieve the accurate rate of 0.995 6 on the NSL-KDD data sets.Meanwhile,compared with other ensemble classification algorithms such as ET and RF,this method obtains better classification results when dealing with fewer data samples.