Research On Network Intrusion Detection Method Based On Deep Learning

As an effective security protection technology,intrusion detection technology has been widely used in traditional network environments.In recent years,with the rapid development of network technology and network applications,network data traffic has also grown rapidly.More types of viruses and attacks followed.Faced with large-scale traffic and feature information,traditional machine learning-based intrusion detection systems(IDS)will suffer from low detection accuracy,high false negative rates,and reliance on dimensionality reduction algorithms.Therefore,it is particularly important to establish fast and efficient IDS to cope with the current complex network environment.In view of the above problems,this thesis mainly uses deep learning models,multivariate correlation analysis methods,information gain feature selection algorithms,and C5.0 decision tree classifiers to study several key technologies of network IDS.The specific research work is as follows:1.For the sake of improving the problem of low detection performance caused by high-dimensional data in network intrusion detection models,based on the time correlation characteristics of intrusion detection datasets,a network intrusion detection based on multivariate correlation analysis-long short-time memory networks is proposed.The model first selects the optimal feature subset through the information gain feature selection module;then uses a multivariate correlation analysis algorithm to convert the feature subset into a TAM matrix;finally,the TAM matrix is input into the long-short time memory network module for training and testing.In order to better show the performance of the model,the performance of existing convolutional neural networks,recurrent neural networks,deep forests,support vector machines,and K nearest neighbors is compared and analyzed.Experimental results show that the model has better classification detection performance than traditional machine learning and existing deep learning models.2.In light of the problem that traditional IDS often needs to use the design feature selection method to reduce the dimensionality of the dataset when processing highdimensional intrusion detection data,a convolutional neural network-bidirectional long and short-term memory network and C5.0 classifier IDS.This model does not need to design feature selection methods,and directly uses deep learning models to learn the representative features of high-dimensional data.The representative features learned by the deep learning model are input to the C5.0 classifier for classification.Experimental results show that the test accuracy of the model on the NSL-KDD and WSN datasets reached 94.1% and 99.8%,respectively,and the FPR values were 5.9% and 0.3%,respectively.3.Aiming at the problems of low detection accuracy and high false positive rate during the intrusion detection process of traditional network IDS based on machine learning,a network intrusion detection model combining bidirection long-short time memory network and C5.0 classifier.The model first uses the hidden layers of the bidirectional long-short time memory network to extract the features of the intrusion detection dataset,and finally inputs the extracted features to the C5.0 classifier for training and classification.For purpose of illustrating the applicability of this model,KDDcup 99,NSL-KDD,and UNSW-NB15 were selected as experimental datasets.Experimental results show that the model has good classification performance,and the classification accuracy can reach 99.9%,99.7%,and 95.0%.