Network Traffic Anomaly Detection Based on Information Gain and Deep Learning

Abstract

With the rapid development of the Internet, the network traffic shows an explosive growth trend. Although the Internet facilitates people's lives, it also brings a lot of security threats. Thus, the analysis of abnormal behavior of network traffic becomes a crucial factor for ensuring the quality of Internet services and preventing network intrusion. This paper proposes a deep learning method that combines CNN and LSTM to detect abnormal network traffic, especially unknown intrusions. In the field of machine learning, the choice of features is the key ingredient to the effect and accuracy of the model. Therefore, this paper also proposes a feature selection method based on Information Gain (IG), extracting more valuable features, which are fed into the model. We use CNN to extract the higher dimensional features of the input data, and then use LSTM to learn the timing characteristics of the network traffic. We applied our model on the KDD99 dataset and assessed its accuracy. When the epoch greater than 4, the training accuracy reaches 0.99 and testing accuracy reaches 0.925, which showed a certain improvement compared with the traditional model. In the era when information volume is becoming more and more dense, the analysis of network traffic will become more and more necessary, which also proves broader application prospects.