中圖分類號：TP393.0文獻標識碼：ADOI:10.19358/j.issn.2097-1788.2024.03.003
引用格式：胡銳，徐芳，熊郁峰，等.基于遺傳算法和LightGBM的網絡安全態勢感知模型［J］.網絡安全與數據治理，2024，43（3）：14-20.

Network traffic anomaly identification and detection based on genetic algorithm and LightGBM

Abstract： This study proposes an improved LightGBM model based on genetic algorithm to avoid problems such as the connection between features and the loss of contextual information in the network traffic anomaly detection method in traditional tobacco industry systems. This model can avoid the model falling into local optimal situations. First, the data dimensionality is reduced by calculating and constructing a tree model, and key feature information that is important to the detection effect is mined from high dimensional data, and the proposed model is used to analyze this key feature information. To evaluate the effectiveness and superiority of the model, this paper uses accuracy and loss to evaluate the model and compares it with other network traffic anomaly detection models Tabular model, TabNet, LightGBM, and XGBoost. Experimental analysis was conducted using the public data set CIC.IDS.2018. The results show that under high-feature network security situational awareness, the recognition accuracy of multi class and two-class classification reaches 99.43% and 99.87% respectively. In the case of low features, the multi-class recognition accuracy is 99.43%. The recognition accuracy of classification and binary classification reaches 98.73% and 99.39% respectively, which has high accuracy and good flexibility and robustness.

Key words : anomaly detection; machine learning; genetic algorithm; LightGBM