
Study on Optimization of Abnormal Traffic Detection Model Based on Machine Learning

In software defined networks (SDN), anomaly traffic detection methods have some problems in practice, mainly a high false positive rate and frequent false alarms. To counter abnormal traffic attacks in the network, researchers have started to explore machine learning methods for abnormal traffic detection. However, machine learning methods face the challenges of large datasets and high data dimensionality, which affect their efficiency and accuracy, so dimensionality reduction of the data is required. Principal component analysis (PCA), as a dimensionality reduction algorithm based on linear transformation, has certain limitations and cannot effectively estimate the principal components. To solve this problem, this paper proposes an improved dimensionality reduction algorithm, C-means Gaussian kernel principal component analysis (CGKPCA), which extends the capability of nonlinear transformation. The paper also improves the classification model by proposing an improved stacking classification model, support vector machine stacking (SVMS). To validate the effectiveness of the proposed methods, experiments are conducted on the open source datasets KDDCUP99 and UNSW-NB15. The experimental results indicate that the proposed binary classification detection model is significantly ahead of other models in terms of performance metrics.

Software defined network; Machine learning; Stacking model; Abnormal traffic detection; C-means Gaussian kernel principal component analysis (CGKPCA)

陈向效, 崔鑫, 杜秦, 唐浩耀

School of Computer Science and Technology, Shandong University of Technology, Zibo, Shandong 255000

Next Generation Internet Technology Project

NGⅡ2019110

2024

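Computer Science
Chongqing Southwest Information Co., Ltd. (formerly the Southwest Information Center of the Ministry of Science and Technology)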


CSTPCD; Peking University Core Journal
Impact factor: 0.944
ISSN: 1002-137X
Year, volume (issue): 2024, 51(z1)