Flow based anomaly intrusion detection system using ensemble classifier with Feature Impact Scale
Cluster Computing (IF 3.6), Pub Date: 2021-04-08, DOI: 10.1007/s10586-021-03277-5
V. Jyothsna, K. Munivara Prasad, K. Rajiv, G. Ramesh Chandra

The exponential growth of Internet services, together with the rapid development of technologies, produces huge growth in traffic, which increases the possibility of attacks on the network. Several researchers have developed various techniques to defend against these attacks, and most of them are machine learning based approaches. Machine learning based techniques rely on features to extract knowledge from the traffic, and their performance depends on the characteristics of the features extracted at packet level. An increase in the volume of network traffic causes the feature characteristics to deviate as behavior diversifies. Hence, the traffic characteristics need to be defined at flow level rather than at packet or request level, because flow features are independent of the network behavior and do not influence the performance of the detection process. In this paper, a set of unique flow features is defined to extract traffic from the network at flow level, and the system is trained with the diversity of the flow characteristics identified using the Kolmogorov–Smirnov test (K–S test). The diversity of each flow characteristic defines a unique behavior, and it is addressed with ensemble classifiers by evaluating the meta-heuristic scale for each attack class and for normal flow. Experiments are carried out on a benchmark dataset and the performance is analyzed. The proposed model exhibits better detection accuracy and a low false alarm rate with low processing time compared to the contemporary models described in the literature.




Updated: 2021-04-08