
Research On Intrusion Detection Technology Based On Machine Learning

Posted on: 2021-03-17
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M Z Li
Full Text: PDF
GTID: 1368330632951386
Subject: Computer application technology
Abstract/Summary:
With the rapid development and ubiquitous use of the Internet, the types and number of network intrusions are soaring too. As a significant component of computer system and Internet security, intrusion detection technology has become a research hotspot in the contemporary information era. However, traditional intrusion detection technology, such as firewalls, user authentication and data encryption, is ill-suited to increasingly complex intrusion detection tasks: to a certain extent it not only lacks detection intelligence but also has low detection efficiency. Given the above, more intelligent and effective intrusion detection technology is needed. As the core of artificial intelligence, machine learning is the fundamental method of endowing computers with intelligence. Machine learning mimics human learning behavior and continuously improves its learning ability by learning existing knowledge and reorganizing existing knowledge structures, so that the computer learns new knowledge more efficiently. In the big data era, machine learning has already been used in many fields of artificial intelligence, and computer security is no exception. Intrusion detection is in essence a classification problem, and machine learning can accomplish various classification tasks well. This paper applies machine learning to intrusion detection technology and evaluates the performance of various machine learning algorithms used for intrusion detection. Based on this assessment, we propose improved models and optimized methods that address the strengths and weaknesses shown by the various machine learning algorithms in intrusion detection. Finally, we make a comprehensive and in-depth study of malware, a widespread and common specific form of intrusion. The main research contents and innovative achievements of this paper are summarized as follows:

(1) By analyzing the sources and characteristics of intrusion data, we design an intrusion detection model based on machine learning detection algorithms, divided into four stages: data generation, data extraction, data classification, and performance metric computation. Firstly, this paper studies supervised and unsupervised learning algorithms, including nearest neighbors, support vector machines, naive Bayes, decision trees, neural networks, and K-means. Based on the characteristics of benchmark intrusion datasets, this paper proposes corresponding improved algorithms. Then, the paper uses the benchmark intrusion detection dataset NSL-KDD to train the two types of algorithms and selects appropriate parameters for the different algorithms to establish the learning models. In this way the binary-classification and multi-class intrusion detection tasks are completed. Finally, the intrusion detection effects of the supervised and unsupervised learning algorithms are evaluated according to the performance metrics.

(2) Aiming at the feature redundancy problem of the NSL-KDD dataset, this paper proposes an intrusion detection algorithm with different granularity based on gradient boosting decision trees (GBDT). This algorithm uses GBDT for feature combination and KNN for classification. Experimental results show that the GBDT-KNN algorithm is significantly better than a single KNN algorithm, and that it also performs better than other single machine learning algorithms.

(3) Aiming at the adaptability and generalization ability of intrusion detection technology, this paper proposes a deep learning network model for intrusion detection. A convolutional neural network (CNN) model is used to extract data features: the dataset input to the neural network model is transformed into a two-dimensional dataset, and the feature map is extracted by the CNN model. Using the image-processing approach of CNNs combined with an SVM classifier, this paper tests the intrusion detection effect of the CNN-SVM algorithm. Experimental results show that the CNN-SVM algorithm has better classification accuracy than traditional machine learning algorithms, and better adaptability and generalization ability than algorithms based on feature engineering.

(4) This paper studies intrusion detection technology based on ensemble learning. To overcome the difficulty of generating models in ensemble learning, this paper proposes an ensemble learning optimization method based on the multi-layer perceptron (MLP) neural network and the AMGA2 algorithm. Firstly, based on the evaluation of machine learning intrusion detection algorithms obtained in the experiments above, this paper selects the well-performing multi-layer perceptron neural network as the weak classifier in ensemble learning and constructs an ensemble learning model for intrusion detection using MLP. Then the experimental results are compared, taking MLP, Boosted-MLP and Bagged-MLP separately as benchmark algorithms. Finally, the effect of intrusion detection based on the ensemble learning optimization method is evaluated according to the performance metrics. Experimental results show that the proposed ensemble learning optimization method works better than the Boosted-MLP ensemble method, the Bagged-MLP ensemble method and the original MLP. Compared with existing ensemble methods, the proposed method optimizes the weights of the weak classifiers better and helps improve the detection of the smaller classes in the dataset. The proposed method could become a general method for solving the multi-objective conflict problem of ensemble learning and for training better ensemble learning models.

(5) Based on the techniques proposed above, this paper studies their application to malware detection. This paper constructs a complete malware detection process based on the Cuckoo sandbox and the WEKA machine learning software, and uses more types of machine learning algorithms for malware detection in a real environment. Experimental results show that the IBk and J48 algorithms have good detection performance, so they can be used as candidate technologies for detecting unknown malware when constructing dynamic malware detection systems. They can also serve as the weak classifiers when constructing malware detection systems based on ensemble learning. The experimental results of this paper have a certain guiding role and practical value for the future application of malware detection.
Keywords/Search Tags:Machine Learning, Intrusion Detection, Supervised Learning, Unsupervised Learning, Deep Learning, Ensemble Learning, Malware Detection