Research On The Key Technology Of Intrusion Detection Based On Deep Learning

As a proactive network security technology,intrusion detection plays a more and more important role in the rapid development of the internet.How to detect intrusion behavior from large amounts of data has become the core direction of the development of intrusion detection technology.The basic idea of intrusion detection is to analyze and extract the features of the data traffic to identify the intrusion.The traditional intrusion detection methods mostly adopt statistical or algorithm to extract features and establish the classification model to identify the intrusion behaviors.These method has the problems of low recognition rate and difficulty to identify rare intrusion and so on.In order to solve this problem,this thesis introduces deep learning to establish an active learning detection model.It can improve the detection accuracy and identify the rare intrusion mode.This thesis introduces the basic theories of intrusion detection and deep learning in the first place,and then some key problems of intrusion detection based on deep learning are mainly studied.The main work of the paper includes:(1)Aiming at the high dimension of traffic data,the method of data dimension reduction is studied.The feature dimension of standard intrusion detection data set is up to 122 after the digitalization and normalization.In this thesis,a dimension reduction method of intrusion detection based on Auto-encoder is proposed by introducing the idea of Auto-Encoder to the practical problem.The experimental results show that this method can provide a one-to-one mapping of input data and output data under the condition that the data reconstruction error is very low.On this basis,this paper proposes a novel optimization method for the depth structure of the above Auto-encoder.It takes the reconstructed error as a measure to adjust the number of neurons in the Auto-Encoder according to the step size progressively.Through the experimental analysis,when the structure of the Auto-Encoder is 122-90-80-30,the reconstruction error is very low and the convergence speed is fast with high stability.The effect of ReLU is proved to be better than the other two kinds of activation functions for the optimal network structure by the experiment in the last.(2)In order to solve the problem that the detection accuracy and the efficiency of detecting rare attacks is not high enough,this paper presents two intrusion detection models based on the above method of descending dimension in Auto-Encoder,which are AE-DNN and AE-nSVM model respectively.The AE-DNN model combines dimensionality reduction method in Auto-Encoder with DNN deep neural network and the traditional fully-connected layer and dropout layer are combined to prevent over fitting.It also uses mini-batch and Xavier initialization to speed up the convergence and an optimization method calling random gradient descent(SGD)is used to prevent the model from falling into local minimum.The experimental results of intrusion detection dataset KDD CUP99 show that the accuracy of AE-DNN model is as high as 93.07%,and the false alarm rate and false negative rate are better than those of other models.The AE-nSVM model is proposed aiming at the uneven data distribution of all types of datasets and the low detection accuracy of rare attacks U2R and R2L.The model makes use of the good dichotomization features of four classifier based on SVM.Firstly,it can determine whether the attack is rare or not and then classify it step by step.This method can almost double the detection accuracy of U2R attacks and raise the detection accuracy of R2L attacks to 43.2%.