A Classification Approach Based on Divergence for Network Traffic in Presence of Concept Drift

Cheng Guang; Qian Dexin; Guo Jianwei; Shi Haibin; Hua; Zhao Yuyu

doi:10.7544/issn1000-1239.2020.20190691

Journal of Computer Research and Development > 2020 > 57(12): 2673-2682. > DOI: 10.7544/issn1000-1239.2020.20190691

Cheng Guang, Qian Dexin, Guo Jianwei, Shi Haibin, Hua, Zhao Yuyu. A Classification Approach Based on Divergence for Network Traffic in Presence of Concept Drift[J]. Journal of Computer Research and Development, 2020, 57(12): 2673-2682. DOI: 10.7544/issn1000-1239.2020.20190691

Citation:

PDF (1249 KB)

A Classification Approach Based on Divergence for Network Traffic in Presence of Concept Drift

Cheng Guang^1,2,3,
Qian Dexin^1,2,3,
Guo Jianwei⁴,
Shi Haibin^1,2,3,
Hua^1,2,3,
Zhao Yuyu^1,2,3

¹(School of Cyber Science and Engineering, Southeast University, Nanjing 211189)
²(Key Laboratory of Computer Network and Information Integration (Southeast University), Ministry of Education, Nanjing 211189)
³(Jiangsu Provincial Key Laboratory of Computer Network Technology (Southeast University), Nanjing 211189)
⁴(Xi’an Research Institute, Huawei Technologies Co., Ltd., Xi’an 710075)

Funds: This work was supported by the National Key Research and Development Program of China (2018YFB1800602, 2017YFB0801703), the Ministry of Education-China Mobile Research Fund Project (MCM20180506), the National Natural Science Foundation of China (61602114), and the CERNET Innovation Project (NGIICS20190101, NGII20170406).

More Information

Published Date: November 30, 2020

Graphical Abstract

Abstract

Abstract

Due to the high dynamic variability, suddenness and irreversibility of network traffic, the statistical characteristics and distribution of traffic may change dynamically, resulting in a concept drift problem based on the flow-based machine learning method. The problem of concept drift makes the classification model based on the original data set worse on the new sample, which causes the classification accuracy to decrease. Based on this, a classification approach based on divergence for network traffic in presence of concept drift, named ECDD (ensemble classification based on divergence detection) is proposed. The method uses a double-layer window mechanism to track the concept drift. From the perspective of information entropy, the Jensen-Shannon divergence is used to measure the difference of data distribution between old and new windows, so as to effectively detect the concept drift. This paper draws on the idea of incremental ensemble learning, trains a new classifier on the concept drift traffic based on the pre-retention classifier, and replaces the classifier with the original performance degradation according to the classifier weight, so that the ensemble classifier is effectively updated. For common network application traffic, this paper constructs a concept drift data set according to different application feature distributions. This paper compares the method with common concept drift detection methods and the experimental results show that the method can effectively detect concept drift and update the classifier, showing better classification performance.
- concept drift,
- machine learning,
- Jensen-Shannon divergence,
- incremental ensemble learning,
- traffic classification

FullText(HTML)

References (0)

[1]	Fu Hao, Long Chun, Gong Liangyi, Wei Jinxia, Huang Pan, Lin Yanzhong, Sun Degang. Malicious Domain Detection Technology Based on Semantic Graph Learning[J]. Journal of Computer Research and Development. DOI: 10.7544/issn1000-1239.202440375
[2]	Liu Qixu, Liu Jiaxi, Jin Ze, Liu Xinyu, Xiao Juxin, Chen Yanhui, Zhu Hongwen, Tan Yaokang. Survey of Artificial Intelligence Based IoT Malware Detection[J]. Journal of Computer Research and Development, 2023, 60(10): 2234-2254. DOI: 10.7544/issn1000-1239.202330450
[3]	Pan Jianwen, Cui Zhanqi, Lin Gaoyi, Chen Xiang, Zheng Liwei. A Review of Static Detection Methods for Android Malicious Application[J]. Journal of Computer Research and Development, 2023, 60(8): 1875-1894. DOI: 10.7544/issn1000-1239.202220297
[4]	Fan Zhaoshan, Wang Qing, Liu Junrong, Cui Zelin, Liu Yuling, Liu Song. Survey on Domain Name Abuse Detection Technology[J]. Journal of Computer Research and Development, 2022, 59(11): 2581-2605. DOI: 10.7544/issn1000-1239.20210121
[5]	Yang Zheng, Yin Qilei, Li Haoran, Miao Yuanli, Yuan Dong, Wang Qian, Shen Chao, Li Qi. Study of Wechat Sybil Detection[J]. Journal of Computer Research and Development, 2021, 58(11): 2319-2332. DOI: 10.7544/issn1000-1239.2021.20210461
[6]	Yang Wang, Gao Mingzhe, Jiang Ting. A Malicious Code Static Detection Framework Based on Multi-Feature Ensemble Learning[J]. Journal of Computer Research and Development, 2021, 58(5): 1021-1034. DOI: 10.7544/issn1000-1239.2021.20200912
[7]	Wang Jialai, Zhang Chao, Qi Xuyan, Rong Yi. A Survey of Intelligent Malware Detection on Windows Platform[J]. Journal of Computer Research and Development, 2021, 58(5): 977-994. DOI: 10.7544/issn1000-1239.2021.20200964
[8]	Wang Lina, Tan Cheng, Yu Rongwei, Yin Zhengguang. The Malware Detection Based on Data Breach Actions[J]. Journal of Computer Research and Development, 2017, 54(7): 1537-1548. DOI: 10.7544/issn1000-1239.2017.20160436
[9]	Li Peng, Wang Ruchuan, Wu Ning. Research on Unknown Malicious Code Automatic Detection Based on Space Relevance Features[J]. Journal of Computer Research and Development, 2012, 49(5): 949-957.
[10]	Dai Hua, Qin Xiaolin, and Bai Chuanjie. A Malicious Transaction Detection Method Based on Transaction Template[J]. Journal of Computer Research and Development, 2010, 47(5): 921-929.