电子测量与仪器学报

陈万志,任鹏江,王天元.因素空间背景基的流量异常检测基点分类方法[J].电子测量与仪器学报,2024,38(6):84-94

因素空间背景基的流量异常检测基点分类方法

Traffic anomaly detection method based on fundamental pointclassification by factor space background basis

DOI：

英文关键词:factor space background basis fundamental point classification anomaly detection

基金项目:国家重点研发计划（2018YFB1403303）、辽宁省教育厅高校科研基金（2021LJKZ0327）项目资助

作者	单位
陈万志	辽宁工程技术大学软件学院葫芦岛125105
任鹏江	辽宁工程技术大学软件学院葫芦岛125105
王天元	国网辽宁省电力有限公司营口115005

Author	Institution
Chen Wanzhi	College of Software, Liaoning Technical University, Huludao 125105, China
Ren Pengjiang	College of Software, Liaoning Technical University, Huludao 125105, China
Wang Tianyuan	State Grid YingkouElectric Power Company of Liaoning Electric Power Supply CO, Yingkou 115005, China

摘要点击次数: 34

全文下载次数: 1271

中文摘要:

针对机器学习在流量异常检测中存在特征选择依赖经验、易受离群点影响导致鲁棒性差等问题，基于因素空间理论的“背景关系背景分布背景基”体系提出一种流量异常检测的基点分类方法。首先，数据预处理阶段使用KNN离群点检测算法去除数据中的离群点，降低异常点对后续背景基提取的影响。其次，使用mRMR算法对数据特征进行排序，选择对分类最具影响力的特征标注为类别区分特征。然后，以内点判别法为理论基础优化背景基提取算法，提取训练数据中不同类别数据的背景基，得到各类别的单位认知包。最后，以单位认知包为核心构造基点分类算法(fundamental point classification algorithm, FPCA)实现异常流量的精准二分类。在NSL-KDD数据集上对所提方法的二分类实验准确率和F1-score分别达到92.48%和92.18%，检测性能优于同类型的其他机器学习方法。在CICIDS2017场景数据集上的测试进一步验证了所提方法在实际应用中的可行性。

英文摘要:

In order to solve the problems of feature selection dependent on experience and poor robustness caused by outliers in machine learning traffic anomaly detection, a fundamental point classification method for traffic anomaly detection based on the “background relation-background distribution-background basis” system by factor space theory is proposed. Firstly, the KNN outlier detection algorithm is used to remove outliers in the data in the data preprocessing stage to reduce the influence of outliers on the subsequent background basis extraction. Secondly, the mRMR algorithm is used to sort the data features and select the most influential features for classification as category distinguishing features. Then, the background basis extraction algorithm is optimized based on the internal point discriminant method, and the background basis of different types of data in the training data is extracted, and the unit cognition package of each type is obtained. Finally, a fundamental point classification algorithm (FPCA) based on the unit cognitive packet is constructed to achieve accurate two-class classification of abnormal traffic. The proposed method attains accuracy rate of 92.48% and F1-score of 92.18% in a two-class classification task on the NSL-KDD dataset, which detection performance superior to the same type machine learning method. The test on CICIDS2017 scene data set further verifies the feasibility of the proposed method.

查看全文查看/发表评论下载PDF阅读器