Abstract: This paper exploits distinctive flow characteristics of attacks when they communicate on a network, and proposes a semi-supervised classification method that can accommodate both known and unknown attacks. In training the classifier, it employs Sequential Forward Selection(SFS) to get the best feature subset. Meanwhile, it proposes weighted sampling techniques to obtain training flows. Performance evaluation using KDD CUP1999 data shows that high flow and byte classification accuracy can be achieved.

Key words: network traffic classification, semi-supervised learning, Fuzzy C-Means(FCM), intrusion detection

摘要： 利用攻击在网络通信中独特的流特征，给出一个可以适应已知和未知攻击的半监督分类方法。在训练分类器中，提出使用加权采样技术得到训练流，同时采用顺序前向选择算法得到最佳的特征子集。使用KDD CUP1999性能评估数据，可以得到较高的流和字节分类准确度。

关键词: 网络流量分类, 半监督学习, 模糊C均值, 入侵检测

CLC Number: 

• TP393