Abstract
As security risks in cyberspace grow more serious, research on traffic-based network anomaly detection has attracted increasing attention. To address challenges such as diverse network traffic patterns, changing operating conditions, and complex correlations, this paper proposes an SVM-based anomaly detection method for network traffic. First, the dimensions of the multidimensional network traffic data are ranked by importance, and the 20 most important dimensions are selected to reconstruct the data set. Second, part of the data is used to select the optimal SVM parameters through a grid search function. Finally, an anomaly detection model is built with the optimal parameters, and its performance is tested on a public data set. Experiments on the public data set, compared against several different methods, show that the proposed method reaches a detection precision of 98% and achieves excellent detection performance.
Authors
戚永军
刘晓硕
贾正正
宋媛萌
Qi Yongjun; Liu Xiaoshuo; Jia Zhengzheng; Song Yuanmeng (Information Technology Center, North China Institute of Aerospace Engineering; School of Computer Science and Engineering, North China Institute of Aerospace Engineering, Langfang 065000, China)
Source
《北华航天工业学院学报》
CAS
2024, Issue 2, pp. 1-4 (4 pages)
Journal of North China Institute of Aerospace Engineering
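Funding
Doctoral Fund Project of North China Institute of Aerospace Engineering (BKY-2022-09)
Master's Student Innovation Funding Project of North China Institute of Aerospace Engineering (YKY-2022-37).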
Keywords
network traffic
support vector machine
anomaly detection