Unknown protocol identification based on improved K-Means++ algorithm

Abstract

In recent years, the gradual popularization of mobile terminals and the vigorous development of the network have spawned the birth of a new Internet structure and promoted the growth of network traffic. Behind such a large network, effective supervision of network traffic is the cornerstone of network security protection. At present, many studies on the direction of network supervision focus on the analysis of unknown network protocol types. The protocol identification method combined with machine learning is a hot topic in this kind of research. This method extracts data stream features and builds data sets, using machine learning algorithms. The model analyzes unknown network traffic and can obtain better recognition results than traditional network protocol analysis methods. Aiming at the problem of unknown traffic identification, this paper proposes a reasonable unknown traffic identification algorithm. The feature normalization preprocessing, feature selection, LOF outlier analysis, etc. are introduced. The clustering process uses the K-Means++ algorithm, and the maximum local reachable density point in the outlier analysis is used to realize the initial cluster center point. Accurate positioning.