### Anomaly detection in network traffic based on online feature selection

MO Xiaoyong, PAN Zhisong*, QIU Junyang, YU Yajun, JIANG Mingchu

1. College of Command Information System, PLA University of Science and Technology, Nanjing 210007, Jiangsu, China
• Received:2016-03-01 Online:2016-08-20 Published:2016-03-01

Abstract: Traditional batch feature selection methods had the limitations in time and space when dealing large-scale backbone network traffic. A method based on online feature selection detection was proposed to address the limitations, which integrated the idea of online learning into the linear classification model. When selecting the features, the classifier was first updated by online gradient descent and projected to a L1 ball to ensure that the norm of the classifier is bounded, and then the truncate function was used to control the quantity of features. The analysis results showed that the proposed method could make a good use of the time-sequence property of traffic, reduce the time of anomaly detection and hold the similar accuracy when comparing with the batch methods, and meet the real-time demand of network traffic anomaly detection. The proposed method provided a new idea for the network traffic anomaly detection.

CLC Number:

• TP181