Research On Machine Learning Based Intrusion Detection Schemes

Posted on: 2021-11-12
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M F Xu
GTID: 1488306311971419
Subject: Computer system architecture

Abstract/Summary:
With the rapid development of big data, cloud computing, the Internet of Things and intelligent terminals, the way people live and work will be completely changed. However, the rapid development in various fields has also brought new security threats. Based on the idea of layered detection and overall coordination, this thesis designs a point-line-plane intrusion detection architecture, and conducts in-depth research on intrusion detection between a single target network, different local networks (time and space), and local networks and cloud platforms. The main research results obtained in this thesis are as follows.

1. State-of-the-art intrusion detection schemes for unknown attacks employ machine learning techniques to identify anomaly features within network traffic data. However, due to the lack of a sufficient training set, the difficulty of selecting features quantitatively and the dynamic change of unknown attacks, the existing schemes cannot detect unknown attacks effectively. To address this issue, an intrusion detection scheme based on semi-supervised learning and information gain ratio is proposed. To overcome the limited training set in the training period, a semi-supervised learning algorithm is used to obtain a large-scale training set from a small amount of labelled data. In the detection period, the information gain ratio is introduced to determine the impact of different features, and weighted voting is used to infer the final output label, so that unknown attacks are identified adaptively and quantitatively. This not only retains as much feature information as possible, but also adjusts the weight of each single decision tree adaptively against dynamic attacks.

2. Aiming at problems such as the high cost of ciphertext calculation, long training cycles and the difficulty of privacy protection in current outsourced computing schemes for secure data sharing, this thesis designs a privacy-preserving multi-source transfer learning intrusion detection system. Firstly, we use Paillier homomorphic encryption to encrypt models that are trained on different source domains and uploaded to the cloud. Then, based on the privacy-preserving scheme, we first propose a multi-source transfer learning IDS based on encrypted XGBoost (E-XGBoost).

3. It is difficult for existing schemes to adaptively select the attack interval and the retraining period of the detection model, which leads to poor detection performance. To solve these problems, a bidirectional long short-term memory network with a multi-feature layer is designed. Firstly, sequence and stage feature layers are introduced in the model training phase, so that the model can learn the corresponding attack interval from historical data and effectively detect attacks with different intervals. Then, a double-layer reverse unit is introduced to update the detection model. By collecting information from test data and making association analysis with historical data, the retraining period is adaptively selected to match the new attack interval.

4. Existing federated learning can only encrypt the model so that data privacy is not disclosed, but it cannot guarantee the correctness of the uploaded model itself. To address this, an intrusion detection scheme based on federated learning is proposed. Firstly, an anti-poisoning attack algorithm based on the encryption model is designed, and a complete anti-attack model is proposed. On this basis, the model defines the anti-attack strategy and the target function, and introduces the poisoning rate into the target function, so that the model gives consideration to the availability and concealment of the attack. While constructing the intrusion detection model based on knowledge sharing among islands, the privacy of local data sources is protected.
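The information gain ratio and weighted voting described in result 1, as an added example that is not code from the thesis. The flow records, the feature names and the single-feature trees are constructed assumptions, and weighting each tree's vote by its feature's gain ratio is one reading of the abstract rather than the thesis's confirmed algorithm.

```python
import math
from collections import Counter, defaultdict

# Constructed, labelled flow records (not data from the thesis).
FEATURES = ("flag", "dur", "sport")
ROWS = [
    ("S0", "short", 40001, "attack"), ("S0", "short", 40002, "attack"),
    ("S0", "short", 40003, "attack"), ("S0", "long", 40004, "attack"),
    ("SF", "short", 40005, "normal"), ("SF", "long", 40006, "normal"),
    ("SF", "long", 40007, "normal"), ("SF", "long", 40008, "normal"),
]
RECORDS = [(dict(zip(FEATURES, r[:3])), r[3]) for r in ROWS]

def entropy(values):
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def split(records, feature):
    """Group the labels by the value the feature takes."""
    groups = defaultdict(list)
    for x, y in records:
        groups[x[feature]].append(y)
    return groups

def gain_ratio(records, feature):
    """Information gain divided by split information (as in C4.5)."""
    n = len(records)
    groups = split(records, feature)
    gain = entropy([y for _, y in records]) - sum(
        len(g) / n * entropy(g) for g in groups.values())
    split_info = entropy([x[feature] for x, _ in records])
    return gain / split_info if split_info > 0 else 0.0

def weighted_vote(records, sample):
    """Assumed scheme: one single-feature tree per feature, each vote weighted
    by that feature's gain ratio; a tree abstains on a value it never saw."""
    votes = Counter()
    for f in FEATURES:
        groups = split(records, f)
        if sample[f] in groups:
            label = Counter(groups[sample[f]]).most_common(1)[0][0]
            votes[label] += gain_ratio(records, f)
    return votes.most_common(1)[0][0] if votes else None

if __name__ == "__main__":
    for f in FEATURES:
        print(f, round(gain_ratio(RECORDS, f), 4))
    print(weighted_vote(RECORDS, {"flag": "S0", "dur": "long", "sport": 40005}))
```

The per-record `sport` value separates the classes perfectly, yet its gain ratio is only 1/3 because the split information penalises high-cardinality features. In the printed sample, two of three trees vote "normal", but the weighted vote follows the far more informative `flag` tree.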
Keywords/Search Tags: intrusion detection system, machine learning, semi-supervised learning, transfer learning, privacy-preserving, long short-term memory network, poisoning attack, federated learning