| 基于决策树的网络流量异常分析与检测 |
| |
| 引用本文: | 李强,严承华,朱瑶.基于决策树的网络流量异常分析与检测[J].计算机工程,2012,38(5):92-95. |
| |
| 作者姓名: | 李强 严承华 朱瑶 |
| |
| 作者单位: | 海军工程大学电子工程学院,武汉,430033 |
| |
| 基金项目: | 全军军事学研究生课题基金 |
| |
| 摘 要: | 针对现有网络流量异常检测方法准确率较低的问题,提出基于决策树的网络流量异常分析与检测方法。研究网络流量结构特征及流量异常的交叉熵表示方法。采用C4.5算法建立决策树模型,将具有连续性的属性值离散化,根据最大信息增益比逐层选取分类属性,依此规则对流量数据进行分类。实验结果表明,当该方法的检测准确率达90%以上时,误报率可控制在5%以内,与同类方法相比能更准确地发现网络流量异常并进行分类。
|
| 关 键 词: | 异常检测 异常分类 网络流量特征 交叉熵 决策树 C4.5算法 |
| 收稿时间: | 2011-06-03 |
Analysis and Detection of Network Traffic Anomaly Based on Decision Tree |
| |
| LI Qiang
,
YAN Cheng-hua
,
ZHU Yao.Analysis and Detection of Network Traffic Anomaly Based on Decision Tree[J].Computer Engineering,2012,38(5):92-95. |
| |
| Authors: | LI Qiang YAN Cheng-hua ZHU Yao |
| |
| Affiliation: | (School of Electronic Engineering,Naval University of Engineering,Wuhan 430033,China) |
| |
| Abstract: | Allusion to the problem that present network anomaly detection method based on traffic is still on the level with low accuracy,this paper proposes a new analysis and detection means on the base of decision tree.Network traffic structure feature and the method to describe network anomaly based on cross entropy are deeply researched then.C4.5 decision tree algorithm is used to establish decision model,attribute with continuous values are discreted,and attribute for classification layer by layer are selected on the base of maximum information gain ratio.Experimental results show that while the accuracy gets up to 90%,the misinformation rate can be controlled within 5%,which shows an obvious advantage compared with parallel method. |
| |
| Keywords: | anomaly detection anomaly classification network traffic feature cross entropy decision tree C4 5 algorithm |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
