基于特征属性信息熵的网络异常流量检测方法

针对网络异常流量检测问题,文章提出一种基于网络流量特征属性信息熵的异常流量检测方法。该方法首先计算描述网络流量特征变化的源端口号、目的端口号、源IP地址和目的IP地址这4种特征属性信息熵,并进行归一化处理,降低异常样本数据对分类性能的影响;然后利用自适应遗传算法对支持向量机分类器的惩罚参数和核函数参数进行优化,提高分类器泛化能力,同时改进遗传算法的交叉算子和变异算子,减少支持向量机分类器的训练时间;最后通过训练好的支持向量机分类器识别4种流量特征属性信息熵的变化以实现网络异常流量检测。仿真实验表明,该方法提取的4种流量特征属性信息熵能够有效表征异常流量变化,在多种异常流量类型条件下,具有较高的异常流量识别率和较低的误判率,且检测方法的鲁棒性较好。

Network Abnormal Flow Detection Method Based on Feature Attribute Information Entropy

Aiming at the problem of network abnormal flow detection,this paper proposes an abnormal flow detection method based on network flow feature attribute information entropy.This method firstly calculates the four feature attribute information entropies of source port number,destination port number,source IP address and destination IP address which describe the change of network flow feature.At the same time,normalization is performed to reduce the impact of abnormal sample data on classification performance.Then,the adaptive genetic algorithm is used to optimize the penalty parameters and kernel function parameters of the support vector machine classifier to improve the generalization ability of the classifier.At the same time,the crossover operator and mutation operator of the genetic algorithm are improved to reduce the training time of the support vector machine classifier.Finally,the trained support vector machine classifier is used to recognize the change of the four flow feature attribute information entropies to realize the network abnormal flow detection.Simulation experiments show that the four flow feature attribute information entropies extracted by the method can effectively characterize abnormal flow change.Under a variety of abnormal flow types,the method has a high abnormal flow recognition rate and a low false positive rate,and the robustness of the detection method is better.