
Application Research On Intrusion Detection Based On Machine Learning

Posted on: 2016-03-09
Degree: Doctor
Type: Dissertation
Country: China
Candidate: N N Jie
Full Text: PDF
GTID: 1228330467495429
Subject: Computer system architecture

Abstract/Summary:
The emergence and wide use of networks have brought convenience to people's lives and work. At the same time, they have introduced many security problems, such as various viruses, vulnerabilities, and attacks, which have caused huge losses. How to protect information from attacks and leakage, and maintain its integrity, availability, and confidentiality, is a focus of research. Given the current state of network security, protective measures primarily include access control, data encryption, authentication, firewalls, and intrusion detection. Intrusion detection techniques identify behaviors that violate security policies or threaten system security by collecting information from operating systems, system programs, application programs, or network traffic packets; they are effective measures for protecting systems.

Machine learning methods simulate human cognitive patterns on computers, study how to learn from existing knowledge and discover new knowledge, and improve learning performance through continuous optimization. Machine learning includes numerous data preprocessing and classification methods, which are associated with statistics, artificial intelligence, and information theory. The methods construct learning machines from existing experience for further classification and prediction of unknown samples.

In this research, typical machine learning methods were applied to intrusion detection, and we studied the effectiveness and feasibility of the data processing methods used in detecting network intrusions. The research was carried out under a proposed intrusion detection framework based on machine learning and focused on three issues to explore feasible solutions. First, to address the high dimensionality of network security data, feature selection was adopted to reduce dimensions. Second, since improving detection accuracy is one of the key points of intrusion detection, an optimized neural network algorithm based on Particle Swarm Optimization (PSO) was presented to improve accuracy. Third, faced with the numerous false positives among alerts, we adopted clustering algorithms to eliminate false positives. The detailed contents include the following four aspects.

(1) One intrusion detection system framework. According to the practical requirements of intrusion detection systems, we referred to existing network security models and intrusion detection models, and proposed an intrusion detection framework based on machine learning that satisfies three conditions: integrity of the event handling process, versatility, and scalability and flexibility.

(2) Two types of intrusion detection methods. Four typical filter feature selection algorithms were used to order the features by importance. Then K-Nearest Neighbor (KNN) and Support Vector Machine (SVM) were adopted as classifiers to implement wrapper feature selection algorithms. Feature subsets were evaluated by the classification algorithms, and the selected subset was used in the subsequent detection.

(3) One optimized neural network algorithm. We adopted artificial neural network algorithms in intrusion detection. To improve detection performance, a Radial Basis Function (RBF) algorithm optimized by PSO was presented and implemented. Experiments showed the effectiveness of the optimized algorithm.

(4) One false positive elimination method. The high proportion of false positives in IDS alerts makes analysis difficult. We used typical clustering algorithms for false positive elimination, to separate real alerts from false positives in IDS, and assessed their effectiveness and feasibility.

The innovations of this research include four aspects. The first is the proposed IDS framework based on machine learning, on which the subsequent work is based. The second is the realization of wrapper feature selection based on KNN and SVM. The third is the optimized RBF neural network algorithm based on PSO, which can be used in other fields. The last is the use of two clustering algorithms in false positive elimination.

In summary, this research focuses on the effectiveness and feasibility of adopting typical machine learning methods in intrusion detection, including one IDS framework, two types of feature selection methods, one optimized RBF algorithm, and one false positive elimination method. They were used to reduce the feature dimension, improve detection accuracy, and eliminate the high number of false positives. Experiments in each section evaluated the performance of the proposed methods and algorithms. We expect this research to provide a reference for others and hope it has practical significance.
Keywords/Search Tags:Intrusion Detection, Machine Learning, Feature Selection, RBF Neural Network, False Positive Elimination