Network Traffic Classification Based on SD Sampling and Hierarchical Ensemble Learning

Author:

Qin Jian (1, 2), Han Xueying (1, 2), Wang Chonghua (3), Hu Qing (4), Jiang Bo (1, 2), Zhang Chen (1, 2), Lu Zhigang (1, 2)

Affiliation:

1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China

2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China

3. China Industrial Control Systems Cyber Emergency Response Team, Beijing 100040, China

4. Information Center of China North Industries Group Corporation, Beijing, China

Abstract

With the increase in cyber threats in recent years, demand for network security protection measures has taken more forms. Network traffic classification technology is used to adapt to the dynamic threat environment. However, network traffic has a naturally unbalanced class distribution, and reliance on a single model leads to the low accuracy and high false-positive rate of traditional detection models. To address these two problems, this paper proposes a new dataset balancing method, named SD sampling, based on the SMOTE algorithm. Unlike SMOTE, this method divides the samples into two types, easy to classify and difficult to classify, and balances only the difficult-to-classify samples, which not only overcomes SMOTE's overgeneralization but also combines the ideas of oversampling and undersampling. In addition, a two-layer structure combining XGBoost and random forest is proposed for multiclass classification of anomalous traffic, since a hierarchical structure can better classify minority abnormal traffic. Experiments are conducted on the CICIDS2017 dataset. The results show that the classification accuracy of the proposed model is more than 99.70% and that the false-positive rate is less than 0.34%, indicating that the proposed model is better than traditional models.

Funder

National Basic Research Program of China

Publisher

Hindawi Limited

Subject

Computer Networks and Communications, Information Systems

Cited by 4 articles.

1. HSS: enhancing IoT malicious traffic classification leveraging hybrid sampling strategy;Cybersecurity;2024-06-01

2. Comparison of Random Forest, K-Nearest Neighbor, and Support Vector Machine Classifiers for Intrusion Detection System;2024 International Conference on Science, Engineering and Business for Driving Sustainable Development Goals (SEB4SDG);2024-04-02

3. Cloud Network Traffic Classification and Intrusion Detection System Using Deep Learning;2023 International Conference on Integrated Intelligence and Communication Systems (ICIICS);2023-11-24

4. Deep Neural Decision Forest (DNDF): A Novel Approach for Enhancing Intrusion Detection Systems in Network Traffic Analysis;Sensors;2023-10-10
