摘要
为提高细粒度网络流量异常检测准确率,提出一种基于特征选择的串并行相结合的网络流量异常检测方法。该方法提出异常流量粗粒度检测、异常流量类型细粒度检测两级结构,针对每类流量的特点分别选择最优特征集进行异常检测,以提高检测准确率。首先使用一个二分类器对网络流量进行粗粒度检测,以快速区分正常和异常流量;然后采用多个二分类器并行检测与单个多分类器检测相结合的方式识别异常流量所属类型,避免串行检测方式错误累积效应,在提高检测准确率的同时缩短检测时间;最后基于Storm平台使用NSL-KDD数据集进行实验验证。结果表明该方法检测准确率较高,有效提高了对各类异常流量的检测精准率、召回率。
In order to increase the detection accuracy of fine-grained network traffic anomaly detection,a network traffic anomaly detection method combining serial and parallel processing based on feature selection is proposed.To improve the detection accuracy,the method proposes a two-level structure of abnormal traffic coarse-grained detection and abnormal traffic type fine-grained detection,which could select the best feature set of each type of traffic for anomaly detection according to their characteristics.Firstly,it uses a binary classifier for coarse-grained detection to divide the traffic into normal and anomaly quickly.Then,to improve the detection accuracy and reduce the detection time,multiple binary classifier parallel detection and single multi-classifier detection are combined to identify the type of abnormal traffic,which could avoid the problem of error accumulation in serial detection method.Finally,NSL-KDD data set is used to verify the proposed method based on Storm platform.The results show that the proposed method has high detection accuracy and can effectively improve the precision rate and recall rate of each type of abnormal traffic.
作者
吴浩明
张斌
周奕涛
廖仁杰
WU Haoming;ZHANG Bin;ZHOU Yitao;LIAO Renjie(Information Engineering University,Zhengzhou 450001,China)
出处
《信息工程大学学报》
2020年第6期711-718,共8页
Journal of Information Engineering University
基金
河南省基础与前沿技术研究计划基金资助项目(142300413201)。
关键词
网络流量异常检测
特征选择
二分类器
Storm平台
network traffic anomaly detection
feature selection
binary classifier
Storm platform
