基于改进极端随机树的异常网络流量分类  被引量：28

作　　者：韦海宇 王勇 柯文龙[2] 俸皓[3,4] WEI Haiyu;WANG Yong;KE Wenlong;FENG Hao(School of Computer Science and Information Security,Guilin University of Electronic Technology,Guilin,Guangxi 541004,China;School of Information and Communication,Guilin University of Electronic Technology,Guilin,Guangxi 541004,China;Guangxi Colleges and Universities Key Laboratory of Cloud Computing and Complex Systems;Guilin University of Electronic Technology,Guilin,Guangxi 541004,China);Guangxi Key Laboratory of Trusted Software,Guilin University of Electronic Technology,Guilin,Guangxi 541004,China)

机构地区：[1]桂林电子科技大学计算机与信息安全学院,广西桂林541004 [2]桂林电子科技大学信息与通信学院,广西桂林541004 [3]桂林电子科技大学广西高校云计算与复杂系统重点实验室,广西桂林541004 [4]桂林电子科技大学广西可信软件重点实验室,广西桂林541004

出　　处：《计算机工程》2018年第11期33-39,共7页Computer Engineering

基　　金：国家自然科学基金(61662018;61163058);广西自然科学基金(2016GXNSFAA380153);广西高校云计算与复杂系统重点实验室研究课题(14103;15208);广西云计算与大数据协同创新中心研究课题(YD16303)

摘　　要：为更有效地识别网络流量中少量的异常流量样本,提出一种基于改进极端随机树的异常流量分类方法。计算数据中每个特征的信息增益率,获得较低维度的特征集。在此基础上,使用随机训练方法训练分类模型,对一部分基分类器使用全部样本进行训练,对另一部分则使用经过重采样的数据进行训练,并使用加权统计的方法修改其最后的投票规则。实验结果表明,该方法在NSL-KDD数据集上可达到0. 995 6的精确率,与ET和RF集成分类算法相比,其在数据样本较少的类别上分类效果更好。In order to identify a small number of abnormal traffic samples in network traffic more effectively,an abnormal traffic classification method based on improved extremely random trees is proposed in this paper.The information gain rate of each feature in the data is calculated and the feature set of lower dimensions is obtained.On this basis,the classification model is trained with the use of random training method.For parts of the base classifiers,all training samples are used,and for the others,they are trained with the resampling data.At the same time,the weighted statistical method is used to modify the final voting rules for those base classifiers using the resampling data.Experimental results show that the proposed method can achieve the accurate rate of 0.995 6 on the NSL-KDD data sets.Meanwhile,compared with other ensemble classification algorithms such as ET and RF,this method obtains better classification results when dealing with fewer data samples.

关 键 词：异常网络流量 流量分类 特征选择 随机训练 极端随机树 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]