Deep Learning Based Intrusion Detection Method And Model

With the development of the network technologies and complicated network environments,network security becomes even more important.The increasing complexity and concealment of Cyberattacks have caused losses to the state and society,and intensified the users' distrust in Cyberspace.Intrusion Detection System(IDS),as one of the effective means of network security defense,has been the focus of the related research.The deep learning based on deep neural networks(DNNs)can help extract the essential features of things and establish the complex mapping relationship between the low-level features and high-level semantics,as well as the accomplishment of the final prediction and recognition through layer-by-layer transformation of the features.The above features contribute to the solution of the problem that manual intervention is needed to select features in intrusion detection and the defect that the traditional method cannot induce and identify the similar behavior which may occur in the future from the behavior observed before to identify more unknown attack types.In view of this situation,this thesis,aiming at solving the lower accuracy of abnormal network intrusion detections,utilizes the deep learning technologies to model the network traffics to make a probe into the more accurate network intrusion detection methods based on the possibility of the implicit correlation of different attributes in the network traffics.Three aspects are discussed as follows:1)Aiming at the problem that the attributes in the network traffic data have implicit,complex and nonlinear correlations with each other,Long Short-Term Memory(LSTM)neural network is used to model the complex dependencies,to design a hierarchical LSTM(HLSTM)neural network for the traffic data and to extract the time series characteristics across multiple time-level structures of the network traffics.And finally,combining proper input data format design and network structure design,the long-term dependence between extracted features can be preserved and better detection performance can be obtained.2)The implicit correlation of different attributes in the network traffics is studied.Based on the HLSTM network intrusion detection method,this thesis proposed an intrusion detection method on the basis of HLSTM network and Attention Mechanism(AM)because of the large traffic data dimension of network intrusion detection and different contributions from different traffic units to network traffic classifications.After extracting the time series features across multiple time hierarchies in the network traffic through the HLSTM,the correlation among the time series features is captured through the attention layer,and the weight of the time series features is redistributed,the time series features are adaptively mapped to the process of network learning for the different importance of different network attack types.3)Aiming at the problem that temporal feature modeling is not conducive to parallelization,an improved Transformer model,Denseformer,is proposed to explore the feasibility of using attention mechanism to model the implicit correlation of network traffic to improve the accuracy of intrusion detection.And the Weighted Cross Entropy is used to train the model in order to reduce the influence of sample imbalance.The experimental results show that the proposed Denseformer method achieves 85.65%accuracy on the NSL-KDDTest+dataset and very competitive results on the UNSW-NB15 dataset.