Research On Intrusion Detection Algorithm Based On Network Anomaly

With the rapid development of Internet technology,Internet has been an important part of people's lives and brings us great convenience with its rich information resources.However,because of the opening of network,the network security problems have become increasingly severe.As an active security defence technique,intrusion detection offers realtime protection against interior or exterior attack and mistaken operation.After introducing the basic concept,structure,classification and detection methods of intrusion detection system,the dissertation analyzes the domestic and overseas research status in quo of the intrusion detection technology,deep learning theory,data pretreatment methods and clustering algorithms.Afterwards,this dissertation detailedly expatiates on some methods of deep neural networks and convolutional neural networks,principal component analysis,and some clustering.The main work and contributions of this dissertation are summarized as follows:(1)Before conducting the intrusion detection model,this dissertation studies the data pretreatment method based on principal component analysis(PCA)and proposes a fast multiple principle components extraction algorithm.The proposed algorithm can extract multiple principal components from the input signal in parallel and do not need the additional normalization operation.Simulation results show that the proposed algorithm not only has faster convergence speed,but also has higher estimation accuracy compared with some existing algorithms.(2)This dissertation establishes two deep learning models.The first one is the model of deep neural network(DNN),in which the following methods are used,e.g.,the traditional BP neural network is applied and the dropout layer is added to prevent the overfitting,and also the mini-batch and batch-normalization are used to improve convergence speed,and the improved stochastic gradient descent(SGD)optimization method is further used to prevent algorithm trapped in local extreme value point.The second one is the model of convolutional neural network(CNN),in which the convolution kernel is altered and the validity and efficiency of feature extraction are improved.Through multiple "convolution-downsampling" layers,collected features could represent the normal and abnormal user behavior deeply.Finally,the multi-layer perception is used to classify these features.The experiment on the KDD 99 data set shows that,compared with the classical intrusion detection algorithms,e.g.BP neural networks,and SVM algorihm,the proposed DNN and CNN model can improve the classification accuracy in the intrusion detection and recognition tasks.(3)In order to further improve the detection rate of rare attacks,a hybrid intrusion detection framework is put forward in this dissertation.In this framework,the data is first conducted on the feature selection based on k-means clustering model to judge the rare attacks,and then it is put into the deep neural network model including the multiple principal component extraction algorithm to pretreat the data set.This method can make the data,which enter into the deep neural network model,more accurate.This hybrid intrusion detection framework not only guarantee the total higher detection rate of networks attacks,but also effectively improve the detection rate of rare attacks including U2R and R2L.