Network Intrusion Anomaly Detection Model Based on Multiclassifier Fusion Technology
Mobile Information Systems (IF 1.863), Pub Date: 2023-4-8, DOI: 10.1155/2023/1594622
Feilu Hang 1, Wei Guo 1, Hexiong Chen 1, Linjiang Xie 1, Xiaoyu Bai 2, Yao Liu 2

With the growth of the industrial Internet, network security has attracted more and more attention. Among the many network security technologies, anomaly detection based on network traffic has become an important research field, and a large number of network anomaly detection methods have been proposed. Most of the better-performing detection methods are based on supervised machine learning algorithms, which require a large amount of labelled data for model training. However, in a real network, it is impossible to manually filter and label large-scale traffic data. Network administrators can only use unsupervised machine learning algorithms for actual detection, and their detection results are much worse than those of supervised learning algorithms. To improve the accuracy of unsupervised detection methods, this study proposes a network anomaly detection model based on multiple classifier fusion technology, which applies different fusion techniques (such as Majority Vote, Weighted Majority Vote, and Naive Bayes) to fuse the detection results of the five best-performing unsupervised anomaly detection algorithms. Comparative experiments are carried out on three public datasets. Experimental results show that, in terms of RECALL and AUC score, the fusion model proposed in this study achieves better performance than the five separate anomaly detection baseline algorithms, and that it has better robustness and stability, so it can be effectively applied to a wide range of network anomaly detection scenarios.

Updated: 2023-04-09