Netinfo Security ›› 2020, Vol. 20 ›› Issue (2): 66-74. doi: 10.3969/j.issn.1671-1122.2020.02.009

• Technical Research •

Abnormal Traffic Detection Technology Based on Data Augmentation and Model Update

ZHANG Hao1,2, CHEN Long1,2, WEI Zhiqiang1,2

  1. College of Mathematics and Computer Science, Fuzhou University, Fuzhou 350116, China
  2. Fujian Provincial Key Laboratory of Network Computing and Intelligent Information Processing, Fuzhou 350116, China
  • Received: 2019-10-10 Online: 2020-02-10 Published: 2020-05-11

Abstract:

Network attack methods evolve constantly, so traffic data samples keep changing, which lowers the accuracy of anomaly detection. Traditional abnormal traffic detection relies on rule matching, a relatively simple approach that adapts poorly to complex and flexible large-scale network environments. To address this, this paper proposes an abnormal traffic detection technology based on data augmentation and model update. To solve the data imbalance problem, the SMOTE algorithm is introduced to oversample the minority-class samples, and the ENN algorithm removes noisy data. Important features are extracted with the random forest algorithm, and model update is implemented by using feature importance as the distance metric in an improved KNN algorithm. Finally, the CatBoost classification algorithm classifies the network traffic data. Detection of abnormal traffic improves over the course of iterative model updates. Compared with HCPTC-IDS, both detection accuracy and false positive rate are improved. Experimental results on the KDD 99 dataset show that the model's multi-classification detection accuracy reaches 96.52%, with a false positive rate of only 0.92%.

Key words: network abnormal traffic detection, data imbalance, feature importance, model updating, KDD 99
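The data augmentation step named in the abstract (SMOTE oversampling followed by ENN noise removal), as an added example that is not the authors' code. The sample rows, the weights `W` and the use of the importance-weighted distance inside SMOTE and ENN are assumptions of this example; the abstract states that weighting only for the improved KNN.

```python
import math
import random

def wdist(a, b, w):
    # Weighted Euclidean distance; w stands in for per-feature importance.
    return math.sqrt(sum(wi * (p - q) ** 2 for wi, p, q in zip(w, a, b)))

def nearest(i, X, w, k, pool=None):
    # Indices of the k rows closest to X[i], excluding i itself.
    cand = [j for j in (range(len(X)) if pool is None else pool) if j != i]
    return sorted(cand, key=lambda j: wdist(X[i], X[j], w))[:k]

def smote(X, y, minority, n_new, w, k=3, seed=0):
    # Oversample: interpolate between a minority row and one of its
    # k nearest minority neighbours.
    rng = random.Random(seed)
    idx = [i for i, lab in enumerate(y) if lab == minority]
    Xs, ys = [list(r) for r in X], list(y)
    for _ in range(n_new):
        i = rng.choice(idx)
        j = rng.choice(nearest(i, X, w, k, pool=idx))
        gap = rng.random()
        Xs.append([p + gap * (q - p) for p, q in zip(X[i], X[j])])
        ys.append(minority)
    return Xs, ys

def enn(X, y, w, k=3):
    # Edited Nearest Neighbours: drop rows whose label loses the vote
    # among their k nearest neighbours (treated as noise).
    keep = []
    for i in range(len(X)):
        votes = [y[j] for j in nearest(i, X, w, k)]
        if max(set(votes), key=votes.count) == y[i]:
            keep.append(i)
    return [X[i] for i in keep], [y[i] for i in keep]

# Constructed sample: two scaled features per flow, 9 "normal" rows
# (the last one is deliberate label noise) and 3 "attack" rows.
X = [[0.10, 0.12], [0.15, 0.20], [0.20, 0.10], [0.12, 0.25],
     [0.25, 0.22], [0.18, 0.15], [0.22, 0.28], [0.30, 0.18],
     [0.80, 0.85], [0.90, 0.80], [0.85, 0.90], [0.84, 0.84]]
Y = ["normal"] * 8 + ["attack"] * 3 + ["normal"]
W = [0.7, 0.3]  # assumed importances, not values from the paper

if __name__ == "__main__":
    Xs, ys = smote(X, Y, "attack", 5, W)
    Xc, yc = enn(Xs, ys, W)
    print(len(Xs), ys.count("attack"), len(Xc), yc.count("normal"))
```

Oversampling brings the attack class from 3 to 8 rows, and ENN then discards the mislabeled row that sits inside the attack cluster while keeping every other row.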
