An optimized feature extraction algorithm for abnormal network traffic detection

Abstract

Abnormal network traffic detection is an important technology to guarantee cyberspace security, it detects malicious attack through identifying the behavior of network traffic. In the process of abnormal network traffic detection, feature extraction plays a very important role, and the quality of extracted features directly determine the effect of detection results. However, the existing feature extraction methods only process the features for one time, which causes these methods cannot provide efficient features; In addition, the heterogeneity of network traffic makes traditional abnormal network traffic detection methods unsuitable for the diverse and complex network traffic. To solve this problem, this paper proposes an optimized feature extraction algorithm called LD-KPCA based on Linear Discriminant Analysis (LDA) and Kernel Principal Component Analysis (KPCA). In the LD-KPCA, the KPCA is used firstly to project the original linearly inseparable data into a high-dimensional linearly separable space, thereby deleting the redundant and irrelevant features; And then, the LDA is used in the new feature space to perform secondary feature extraction. Compared to simply using KPCA, the additional use of LDA can solve the problem that KPCA only focuses on the performance of variance in the features but ignores the performance of mean in the features. Finally, we conduct a large amount of experiments to test the performance of the proposed LD-KPCA algorithm, and the experimental results show that the LD-KPCA algorithm can obtain high precision, recall as well as F1-measure in abnormal network traffic detection.