Abnormal Network Traffic Detection based on Leaf Node Density Ratio

Abstract

As the network evolves, cyber-attacks become more and more diverse. In the process of detecting network traffic, the most complicated but also the most important task is to find unknown abnormal network traffic data in time. In the existing abnormal network traffic detection method based on Extended Isolation Forest, there are limitations such as unbalanced detection accuracy and insufficient generalization ability. An improved abnormal network traffic detection method EIF-LNDR is proposed for the above problems. Based on the leaf node density ratio, the anomaly score of the instance can be calculated differently for each iTree. The experiments show that EIF-LNDR has significant improvement in precision, false negative rate, and detector efficiency compared with Extended Isolation Forest and LOF methods.