计算机工程 ›› 2018, Vol. 44 ›› Issue (11): 33-39.doi: 10.19678/j.issn.1000-3428.0048489

• 先进计算与数据处理 • 上一篇    下一篇

基于改进极端随机树的异常网络流量分类

韦海宇a,王勇a,b,c,d,柯文龙b,俸皓c,d   

  1. 桂林电子科技大学 a.计算机与信息安全学院; b.信息与通信学院; c.广西高校云计算与复杂系统重点实验室; d.广西可信软件重点实验室,广西 桂林 541004
  • 收稿日期:2017-08-31 出版日期:2018-11-15 发布日期:2018-11-15
  • 作者简介:韦海宇(1992—),男,硕士研究生,主研方向为大数据、机器学习;王勇,教授、博士生导师;柯文龙(通信作者),博士研究生;俸皓,副教授、博士。
  • 基金项目:

    国家自然科学基金(61662018,61163058);广西自然科学基金(2016GXNSFAA380153);广西高校云计算与复杂系统重点实验室研究课题(14103,15208);广西云计算与大数据协同创新中心研究课题(YD16303)。

Abnormal Network Traffic Classification Based on Improved Extremely Random Tree

WEI Haiyu a,WANG Yong a,b,c,d,KE Wenlong b,FENG Hao c,d   

  1. a.School of Computer Science and Information Security; b.School of Information and Communication; c.Guangxi Colleges and Universities Key Laboratory of Cloud Computing and Complex Systems; d.Guangxi Key Laboratory of Trusted Software,Guilin University of Electronic Technology,Guilin,Guangxi 541004,China
  • Received:2017-08-31 Online:2018-11-15 Published:2018-11-15

摘要: 为更有效地识别网络流量中少量的异常流量样本,提出一种基于改进极端随机树的异常流量分类方法。计算数据中每个特征的信息增益率,获得较低维度的特征集。在此基础上,使用随机训练方法训练分类模型,对一部分基分类器使用全部样本进行训练,对另一部分则使用经过重采样的数据进行训练,并使用加权统计的方法修改其最后的投票规则。实验结果表明,该方法在NSL-KDD数据集上可达到0.995 6的精确率,与ET和RF集成分类算法相比,其在数据样本较少的类别上分类效果更好。

关键词: 异常网络流量, 流量分类, 特征选择, 随机训练, 极端随机树

Abstract: In order to identify a small number of abnormal traffic samples in network traffic more effectively,an abnormal traffic classification method based on improved extremely random trees is proposed in this paper.The information gain rate of each feature in the data is calculated and the feature set of lower dimensions is obtained.On this basis,the classification model is trained with the use of random training method.For parts of the base classifiers,all training samples are used,and for the others,they are trained with the resampling data.At the same time,the weighted statistical method is used to modify the final voting rules for those base classifiers using the resampling data.Experimental results show that the proposed method can achieve the accurate rate of 0.995 6 on the NSL-KDD data sets.Meanwhile,compared with other ensemble classification algorithms such as ET and RF,this method obtains better classification results when dealing with fewer data samples.

Key words: abnormal network traffic, traffic classification, feature selection, random training, extremely random tree

中图分类号: