基于集成学习的多特征网络流量检测

Multi-feature Network Traffic Detection Based on Ensemble Learning

由于单一特征分类方法难以满足当前高效率、准确的网络安全维护要求,提出了一种基于集成学习的多特网络流量分类方法,通过综合利用流量数据中的多特征来提高分类的准确性和效率。首先,分析了网络流量中的多种特征,包括流量统计特征和原始字节流特征等。其次,结合集成学习模型进行多特征流量分类,对LightGBM进行二分类和多分类的准确率分别达到99.3%和99.0%。与没有进行特征提取的模型效果相比,所提方法的效果有显著的提升。最后,选择效果好的特征进行融合检测,发现检测效果有所提升。

To address the problem that single-feature classification methods are difficult to meet the current requirements of efficient and accurate network security maintenance,a multi-feature network traffic classification method based on ensemble learning is proposed,which improves the accuracy and efficiency of the classification by comprehensively utilizing multiple features in the traffic data.First,a variety of features in network traffic are analyzed,including traffic statistics features and raw byte stream features.Then,multi-feature traffic classification is carried out in conjunction with ensemble learning model,and the accuracy of binary classification and multi-classification performed on LightGBM reached 99.3%and 99.0%,respectively.Compared to models without feature extraction,the proposed method showed a significant improvement in performance.Finally,by selecting the most effective features for fusion detection,an enhancement in detection performance is observed.