Research On Intrusion Detection Technology Based On Machine Learning

The rapid development of computer networks not only strengthened the modern society's dependence on the Internet,but also made the problem of network security more and more concerned by people.As a supplement to the traditional firewall technology,intrusion detection technology can proactively detect the malicious behavior in the network and provide real-time protection.It is one of the hot spots in the field of network security.With the complexity of the network structure,intrusion attacks become complicated and diverse,which makes traditional intrusion detection systems that rely on simple pattern recognition and feature selection fail to adapt well to today's network environment,resulting in the low accuracy and high false alarm rate of these intrusion detection systems.In recent years,machine learning technology and deep learning technology have drawn more and more attention in terms of its strong learning ability.According to this,we make an in-depth study of machine learning-based intrusion detection technology in this paper.We introduce the research status of intrusion detection technology based on machine learning at home and abroad based on the development process,basic structure and detection methods of intrusion detection technology,and elaborates on the characteristics of random forests,support vector machine,deep neural network and generative adversarial networks.The main work of this paper can be summarized into the following three aspects:(1)We first construct two intrusion detection classifiers using the classical machine learning algorithm of random forest and support vector machine.In the random forest classifier by adjusting the forest density and the use of principal component analysis of the data pretreatment to achieve a better fitting effect.In support vector machine classifier,kernel function is used to map data to higher dimension to facilitate classification and compare the performance between different kernel functions.(2)In order to further enhance the learning ability of data features,we construct a deep neural network model.Different activation functions and optimization algorithms are used to train the model,and regularization is added to prevent the over-fitting.We use NSL KDD dataset to test the proposed intrusion detection model.The experiment compares the influence of different activation functions and optimization algorithms on intrusion detection in deep neural networks,then compares the differences between deep neural networks and classical machine learning algorithms for random forests and support vector machines.Results show that the intrusion detection model based on deep structure can effectively improve the accuracy and reduce the false alarm rate compared with the classical machine learning algorithm.(3)In order to make up for the shortcomings of a small amount of data in NSL KDD datasets,we also construct a generative adversarial networks.Through the game between the generated model and the discriminant model in the network,the generated model can finally generate a data set that is similar to the training set,then we mix it with the original data set to construct a new data set that can be used for intrusion detection The validity of the data set is verified by experiments.