随着大数据时代的到来,各种数据挖掘和机器学习方法被广泛地应用于异常流量检测。文中针对异常流量检测方法展开研究,提出了一种基于熵和改进的SVM多分类器的异常流量检测方法。该方法用熵值对网络流量的各个属性进行量化,将异常流量检测问题抽象为对不同类型流量的分类问题,并对传统的一对其余SVM多分类器进行改进。使用改进SVM多分类器对熵值量化后的流量进行分类判决,根据分类结果捕获异常。将该方法应用于实际的异常流量检测系统,并进行测试,结果表明,该方法对网络中常见的异常流量有很好的检测效果。%With the advent of the age of big data,data mining and machine learning methods have gradually replaced the traditional meth-ods of anomaly detection,which have gained more attention. In this paper,a new method of detecting the anomaly traffic based on the in-formation entropy and SVM is proposed. This method transfers anomaly detection problems into the classification of different types of traffic,and uses information entropy to quantify different attributes of network traffic. It puts forward an improved SVM multi-class clas-sifier to classify the entropy-quantified traffic and judges the anomalies accordingly. This method is implemented into a real system and function test is carried out. The results show that the method has a good detection effect for the abnormal traffic of the Internet.
展开▼
