
Computer Engineering (计算机工程) ›› 2012, Vol. 38 ›› Issue (5): 92-95. doi: 10.3969/j.issn.1000-3428.2012.05.027

• Networks and Communications •

Analysis and Detection of Network Traffic Anomaly Based on Decision Tree

LI Qiang, YAN Cheng-hua, ZHU Yao

  1. (School of Electronic Engineering, Naval University of Engineering, Wuhan 430033, China)
  • Received: 2011-06-03  Online: 2012-03-05  Published: 2012-03-05
  • About the authors: LI Qiang (b. 1987), male, master's student, main research area: network security; YAN Cheng-hua, associate professor; ZHU Yao, master's student
  • Funding:
    PLA-wide Military Science Postgraduate Research Fund project (2010JY0698-403)



Abstract: Existing traffic-based network anomaly detection methods still suffer from low accuracy. This paper proposes an analysis and detection method based on a decision tree. It studies the structural features of network traffic and a cross-entropy representation of traffic anomalies. The C4.5 algorithm is used to build the decision model: attributes with continuous values are discretised, the classification attribute at each level of the tree is selected by maximum information gain ratio, and traffic data are then classified by the resulting rules. Experimental results show that when detection accuracy exceeds 90%, the false alarm rate can be kept within 5%, a clear advantage over comparable methods.

Key words: anomaly detection, anomaly classification, network traffic feature, cross entropy, decision tree, C4.5 algorithm
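The abstract names three mechanisms without showing them: a cross-entropy score for the structure of a traffic window relative to a baseline, C4.5's discretisation of a continuous attribute by a threshold, and attribute selection by gain ratio. The following is an added example written for this page, not the paper's code or data. The two features (cross-entropy of the destination-port and source-address distributions against a baseline window), the smoothing constant `eps`, the tree depth limit and every flow record are assumptions constructed for illustration; the paper's actual feature set and experimental data are not reproduced here.

```python
"""C4.5 decision tree over cross-entropy traffic features (added example).

Illustrative code written for this page, not the paper's implementation.
Feature definitions, smoothing constant and all flow windows are assumptions.
"""
import math
from collections import Counter


def distribution(values):
    """Empirical probability of each symbol (port, address, ...) in a window."""
    counts = Counter(values)
    total = sum(counts.values())
    return {k: v / total for k, v in counts.items()}


def cross_entropy(p, q, eps=1e-6):
    """H(p, q) = -sum_x p(x) log2 q(x), p = observed window, q = baseline.

    Symbols never seen in the baseline get probability eps instead of 0, so a
    window full of new ports or new sources scores high rather than crashing.
    """
    return -sum(px * math.log2(q.get(x, eps)) for x, px in p.items())


def window_features(flows, baseline):
    """Map a window of (src_ip, dst_port) flows to two continuous attributes."""
    return {
        "ce_port": cross_entropy(distribution(d for _, d in flows), baseline["port"]),
        "ce_src": cross_entropy(distribution(s for s, _ in flows), baseline["src"]),
    }


def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def best_threshold(rows, attr, labels):
    """C4.5 treatment of a continuous attribute: sort the values, try the midpoint
    between each adjacent pair as a binary split, keep the best gain ratio."""
    order = sorted(range(len(rows)), key=lambda i: rows[i][attr])
    xs = [rows[i][attr] for i in order]
    ys = [labels[i] for i in order]
    base, best = entropy(labels), (0.0, None)
    for k in range(1, len(xs)):
        if xs[k] == xs[k - 1]:
            continue
        w = k / len(xs)
        gain = base - w * entropy(ys[:k]) - (1 - w) * entropy(ys[k:])
        split_info = -(w * math.log2(w) + (1 - w) * math.log2(1 - w))
        ratio = gain / split_info                 # gain ratio, not raw gain
        if ratio > best[0]:
            best = (ratio, (xs[k] + xs[k - 1]) / 2)
    return best


def build_tree(rows, labels, attrs, depth=0, max_depth=4):
    """Top-down induction: at each node pick the attribute whose best threshold
    gives the highest gain ratio, then recurse on both sides until pure."""
    counts = Counter(labels)
    if len(counts) == 1 or depth == max_depth:
        return counts.most_common(1)[0][0]
    (_, t), attr = max(((best_threshold(rows, a, labels), a) for a in attrs),
                       key=lambda s: s[0][0])
    if t is None:                                 # no attribute separates anything
        return counts.most_common(1)[0][0]

    def sub(idx):
        return build_tree([rows[i] for i in idx], [labels[i] for i in idx],
                          attrs, depth + 1, max_depth)

    lo = [i for i, r in enumerate(rows) if r[attr] <= t]
    hi = [i for i, r in enumerate(rows) if r[attr] > t]
    return {"attr": attr, "threshold": t, "le": sub(lo), "gt": sub(hi)}


def classify(tree, row):
    while isinstance(tree, dict):
        tree = tree["le"] if row[tree["attr"]] <= tree["threshold"] else tree["gt"]
    return tree


# Constructed flow windows of (src_ip, dst_port); none of this is captured traffic.
BASELINE_FLOWS = ([("10.0.0.1", 80)] * 40 + [("10.0.0.2", 443)] * 30
                  + [("10.0.0.3", 53)] * 20 + [("10.0.0.1", 22)] * 10)
BASELINE = {"port": distribution(d for _, d in BASELINE_FLOWS),
            "src": distribution(s for s, _ in BASELINE_FLOWS)}

TRAINING = [
    ([("10.0.0.1", 80)] * 20 + [("10.0.0.2", 443)] * 15 + [("10.0.0.3", 53)] * 10
     + [("10.0.0.1", 22)] * 5, "normal"),
    ([("10.0.0.1", 80)] * 25 + [("10.0.0.2", 443)] * 10 + [("10.0.0.3", 53)] * 10
     + [("10.0.0.2", 22)] * 5, "normal"),
    ([("10.0.0.1", p) for p in range(1000, 1050)], "portscan"),  # one host, new ports
    ([("10.0.0.2", p) for p in range(2000, 2040)] + [("10.0.0.1", 80)] * 10, "portscan"),
    ([(f"192.168.1.{i}", 80) for i in range(50)], "flood"),      # new hosts, one port
    ([(f"172.16.0.{i}", 80) for i in range(40)] + [("10.0.0.1", 80)] * 10, "flood"),
]


def train():
    rows = [window_features(f, BASELINE) for f, _ in TRAINING]
    return build_tree(rows, [lab for _, lab in TRAINING], ["ce_port", "ce_src"])


def detect(tree, flows):
    return classify(tree, window_features(flows, BASELINE))


if __name__ == "__main__":
    tree = train()
    print(tree)
    print(detect(tree, [("10.0.0.3", p) for p in range(3000, 3030)]))  # portscan
```

Two things worth noticing when running it. A port scan drives `ce_port` up because every probed port is absent from the baseline and is charged `-log2(eps)` bits, while a flood from many fresh sources drives `ce_src` up for the same reason, so the two features separate the three classes with a single threshold each, and the gain ratio (rather than raw gain) is what stops the tree from preferring a split that merely isolates one window. The thresholds learned from six constructed windows are brittle, though: a flood aimed at a baseline port other than 80 produces a `ce_port` value close to the normal windows, which is the kind of case that decides whether the 5% false alarm rate quoted in the abstract holds on real traffic.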
