Parallel anomaly detection method for massive network traffic based on multi-model fusion
Abstract: Traditional network traffic anomaly detection methods are limited by data scale and processing capacity, which leads to low accuracy and makes real-time monitoring difficult. To address this, a streaming parallel anomaly detection method based on multi-model fusion is proposed. First, multiple single models are trained and fused, and a distributed architecture is used to run the fused model as a streaming parallel computation. Second, the recognition results are verified in order to build a blacklist of abnormal traffic, and the blacklist is used for precise matching detection on real-time network traffic. Finally, experiments are conducted on the Hadoop big data platform with KDD CUP99 as the example data set. The results show that, compared with typical anomaly detection methods, the proposed method achieves anomaly detection on real-time stream data and improves detection accuracy and computational efficiency.
Authors: HAN Ping (韩萍); ZHANG Han (张寒); FANG Cheng (方澄); NIU Yonggang (牛勇钢) (College of Electronic Information and Automation, CAUC, Tianjin 300300, China)
Source: Journal of Civil Aviation University of China (《中国民航大学学报》), CAS, 2022, No. 1, pp. 13-20 (8 pages)
Funding: Civil Aviation Safety Capacity Building Fund Project (20600827).
Keywords: network traffic; anomaly detection; model fusion; streaming parallel calculation; blacklist