ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2020, Vol. 57 ›› Issue (12): 2673-2682.doi: 10.7544/issn1000-1239.2020.20190691

• 网络技术 • 上一篇    下一篇

基于散度的网络流概念漂移分类方法

程光1,2,3,钱德鑫1,2,3,郭建伟4,史海滨1,2,3,吴桦1,2,3,赵玉宇1,2,3   

  1. 1(东南大学网络空间安全学院 南京 211189);2(教育部计算机网络和信息集成重点实验室(东南大学) 南京 211189);3(江苏省计算机网络技术重点实验室(东南大学) 南京 211189);4(华为技术有限公司西安研究所 西安 710075) (gcheng@njnet.edu.cn)
  • 出版日期: 2020-12-01
  • 基金资助: 
    国家重点研发计划项目(2018YFB1800602,2017YFB0801703);教育部-中国移动科研基金项目(MCM20180506);国家自然科学基金项目(61602114);赛尔网络下一代互联网技术创新项目(NGIICS20190101,NGII20170406)

A Classification Approach Based on Divergence for Network Traffic in Presence of Concept Drift

Cheng Guang1,2,3, Qian Dexin1,2,3, Guo Jianwei4, Shi Haibin1,2,3, Hua1,2,3, Zhao Yuyu1,2,3   

  1. 1(School of Cyber Science and Engineering, Southeast University, Nanjing 211189);2(Key Laboratory of Computer Network and Information Integration (Southeast University), Ministry of Education, Nanjing 211189);3(Jiangsu Provincial Key Laboratory of Computer Network Technology (Southeast University), Nanjing 211189);4(Xi’an Research Institute, Huawei Technologies Co., Ltd., Xi’an 710075)
  • Online: 2020-12-01
  • Supported by: 
    This work was supported by the National Key Research and Development Program of China (2018YFB1800602, 2017YFB0801703), the Ministry of Education-China Mobile Research Fund Project (MCM20180506), the National Natural Science Foundation of China (61602114), and the CERNET Innovation Project (NGIICS20190101, NGII20170406).

摘要: 网络流量特征分布的动态变化产生概念漂移问题,造成基于机器学习的网络流量分类模型精度下降.定期更新分类模型耗时且无法保证分类模型的泛化能力.基于此,提出一种基于散度的网络流概念漂移分类方法(ensemble classification based on divergence detection, ECDD),采用双层窗口机制,从信息熵的角度出发,根据流量特征分布的JS散度,记为JSD(Jensen-Shannon divergence)来度量滑动窗口内数据分布的差异,从而检测概念漂移.借鉴增量集成学习的思想,检测到漂移时对于新样本重新训练出新的分类器,之后通过分类器权值排序,保留性能较高的分类器,加权集成分类结果对样本进行分类.抓取常见的网络应用流量,根据应用特征分布的不同构建概念漂移数据集,将该方法与常见的概念漂移检测方法进行实验对比,实验结果表明:该方法可以有效地检测概念漂移和更新分类器,表现出较好的分类性能.

关键词: 概念漂移, 机器学习, JS散度, 增量集成学习, 流量分类

Abstract: Due to the high dynamic variability, suddenness and irreversibility of network traffic, the statistical characteristics and distribution of traffic may change dynamically, resulting in a concept drift problem based on the flow-based machine learning method. The problem of concept drift makes the classification model based on the original data set worse on the new sample, which causes the classification accuracy to decrease. Based on this, a classification approach based on divergence for network traffic in presence of concept drift, named ECDD (ensemble classification based on divergence detection) is proposed. The method uses a double-layer window mechanism to track the concept drift. From the perspective of information entropy, the Jensen-Shannon divergence is used to measure the difference of data distribution between old and new windows, so as to effectively detect the concept drift. This paper draws on the idea of incremental ensemble learning, trains a new classifier on the concept drift traffic based on the pre-retention classifier, and replaces the classifier with the original performance degradation according to the classifier weight, so that the ensemble classifier is effectively updated. For common network application traffic, this paper constructs a concept drift data set according to different application feature distributions. This paper compares the method with common concept drift detection methods and the experimental results show that the method can effectively detect concept drift and update the classifier, showing better classification performance.

Key words: concept drift, machine learning, Jensen-Shannon divergence, incremental ensemble learning, traffic classification

中图分类号: