信息网络安全 ›› 2024, Vol. 24 ›› Issue (11): 1655-1664.doi: 10.3969/j.issn.1671-1122.2024.11.005

• 入选论文 • 上一篇    下一篇

融合RF和CNN的异常流量检测算法

张志强(), 暴亚东   

  1. 山西警察学院网络安全保卫系,太原 030401
  • 收稿日期:2024-06-16 出版日期:2024-11-10 发布日期:2024-11-21
  • 通讯作者: 张志强 3162130437@qq.com
  • 作者简介:张志强(1974—),男,山西,副教授,博士,CCF 会员,主要研究方向为网络安全|暴亚东(2002—),男,山西,本科,主要研究方向为网络安全
  • 基金资助:
    教育部产学合作协同育人项目(231005115272053);山西省高等学校教学改革创新项目(J20221297)

Anomaly Traffic Detection Algorithm Integrating RF and CNN

ZHANG Zhiqiang(), BAO Yadong   

  1. Department of Network Security, Shanxi Police College, Taiyuan 030401, China
  • Received:2024-06-16 Online:2024-11-10 Published:2024-11-21

摘要:

异常流量检测作为网络安全的关键技术之一,对于及时发现网络攻击、溯源取证、防止数据泄露等具有重要意义。针对现有网络异常流量检测方法在准确性方面存在的不足,文章提出一种融合随机森林(RF)和卷积神经网络(CNN)的异常流量检测算法,该算法利用RF进行特征选择和初步分类,有效地减少了输入维度并提高了模型的泛化能力;通过CNN对选定特征进行深层次的模式识别,进一步提升了异常检测的精度。实验结果表明,文章算法相比于传统的检测方法在检测准确率、召回率等方面均有显著提升。

关键词: 异常流量检测, 融合模型, 特征提取, 随机森林, CNN

Abstract:

Abnormal traffic detection is one of the key technologies in cybersecurity, playing a crucial role in promptly identifying network attacks, tracing evidence, and preventing data leaks. To address the shortcomings in accuracy of existing abnormal traffic detection methods, this paper proposed an anomaly traffic detection algorithm that integrates Random Forest (RF) and Convolutional Neural Network (CNN). This algorithm utilized RF for feature selection and preliminary classification, effectively reducing the input dimensionality and enhancing the model’s generalization capability; it further improved the precision of anomaly detection through deep pattern recognition by CNN on selected features. Experimental results demonstrate that, compared to traditional detection methods, this algorithm significantly enhances performance metrics such as detection accuracy and recall rate.

Key words: abnormal traffic detection, fusion model, feature extraction, random forest, CNN

中图分类号: