计算机工程2012,Vol.38Issue(5):92-95,4.
基于决策树的网络流量异常分析与检测
Analysis and Detection of Network Traffic Anomaly Based on Decision Tree
摘要
Abstract
Allusion to the problem that present network anomaly detection method based on traffic is still on the level with low accuracy, this paper proposes a new analysis and detection means on the base of decision tree. Network traffic structure feature and the method to describe network anomaly based on cross entropy are deeply researched then. C4.5 decision tree algorithm is used to establish decision model, attribute with continuous values are discreted, and attribute for classification layer by layer are selected on the base of maximum information gain ratio. Experimental results show that while the accuracy gets up to 90%, the misinformation rate can be controlled within 5%, which shows an obvious advantage compared with parallel method.关键词
异常检测/异常分类/网络流量特征/交叉熵/决策树/C4.5算法Key words
anomaly detection/anomaly classification/network traffic feature/cross entropy/decision tree/C4.5 algorithm分类
信息技术与安全科学引用本文复制引用
李强,严承华,朱瑶..基于决策树的网络流量异常分析与检测[J].计算机工程,2012,38(5):92-95,4.基金项目
全军军事学研究生课题基金资助项目(2010JY0698-403) (2010JY0698-403)
