Traffic anomaly detection method based on iForest score extension
DOI:
CSTR:
Author:
Affiliation:

School of Communication and Information Engineering, Shanghai University,Shanghai 200444, China

Clc Number:

TP399

Fund Project:

  • Article
  • |
  • Figures
  • |
  • Metrics
  • |
  • Reference
  • |
  • Related
  • |
  • Cited by
  • |
  • Materials
  • |
  • Comments
    Abstract:

    Traffic anomaly detection is a technique used to identify network attacks effectively. In recent years, unsupervised methods have become prevalent in anomaly detection. Aiming at the demand of mining the temporal relationship between existing traffic data and the problem of randomly selecting feature attributes for sample division in iForest, this paper proposed a traffic anomaly detection method based on iForest score extension. Firstly, the paper used the sliding window mechanism and the information entropy property to design an entropic timeseries feature extraction method for network traffic, which was integrated into the feature set to perform significant feature screening. Secondly, the paper constructed an iForest score extension model that utilized the feature set iteration method with the feature importance matrix in the node sample division, integrated the isolated tree features in the set, marked the integrated path length between nodes instead of the original path length, and calculated the anomaly score that better characterized the sample distribution. Finally, by setting the anomaly score threshold, the paper discriminated whether the samples were abnormal. The experimental results on the public dataset show that the anomaly detection model proposed in the paper has obvious advantages over other methods, with good real-time detection performance and lower false alarm rate, which can be effectively used in the anomaly detection of network traffic, and is of great significance for the identification of attack events in real network activities.

    Reference
    Related
    Cited by
Get Citation
Share
Article Metrics
  • Abstract:
  • PDF:
  • HTML:
  • Cited by:
History
  • Received:
  • Revised:
  • Adopted:
  • Online: July 15,2024
  • Published:
Article QR Code