Research On Router Intrusion Detection Based On Deep Learning

With the rapid expansion of the Internet,the network has gradually become an indispensable part of human society.As basic tools for building a network,network routers play a key role in supporting the stability of the Internet.Therefore,the security of the router is directly related to the security of the entire Internet.By attacking the routing protocols and leaked security holes in the IOS,some attackers control the routers and cause crash.Then the entire network will be attacked easily,which poses a severe threat to Internet security.However,there are few current researches on router intrusion detection,and most of them are based on the traditional machine learning mode.The detection consequence depends on the traffic feature proposed by people,and feature engineering requires professional experience and skills.Therefore,it is very necessary to continue to follow up the research of router intrusion detection technologies and maintain the security and stability of the Internet under big data environment.At present,deep learning has made great progress in image recognition,natural language recognition,speech recognition,and other fields,and it also brings inspiration to network security and traffic intrusion detection.This paper aims at the security problems faced by routers currently,and studies the router intrusion detection technology from the perspective of deep learning.Based on the study of router attack methods and related intrusion detection theories,this paper proposes a router intrusion detection model and summarizes the key features of detecting attack traffic.For the payload data,a load detection method based on CNN is proposed.A state detection method based on EDLSTM is proposed for the state of session flow.According to above methods,a hybrid neural network detection model based on CNN-LSTM is designed and implemented,and the effectiveness of the proposed method is verified by experiments.The main work of this paper includes:Firstly,an intrusion detection model for routers is depicted.The processes of network scanning attacks,routing management protocol attacks,spoofing attacks,routing protocol attacks,and denial of service attacks were studied and analyzed.The features of attack traffic based on payload data and session flow state were summarized and the attack processes were illustrated by pictures.Based on the above,a router intrusion detection model was built.Secondly,a CNN-based packet payload feature detection method is proposed.According to data payload feature in the attack traffic,the convolutional neural network related technology is studied.The image recognition technique is applied to the intrusion detection field,and the original flow is converted into the image as the input data,thereby simplifying the feature selection process.The data set IEUD2017 collected for router attacks in this paper is tested.The experiment result shows that the method meets the target in terms of detection rate and false alarm rate.Thirdly,an EDLSTM-based session flow state feature detection method is proposed.According to the session flow state feature in attack traffic,EDLSTM is applied to the detection of traffic state by studying the technology of recurrent neural network in the field of natural language recognition.This method combines the feature of intra-session data with the learning capabilities of LSTM sequence features to achieve more accurate traffic classification.The experiment result shows that this method has significantly improved the detection effect of router protocol attacks and has reached and surpassed the current level of research in this field.Finally,a router intrusion detection method based on CNN-LSTM hybrid neural network is designed and implemented.In view of the dual traffic features of router attack traffic,this paper combines CNN with LSTM to achieve the purpose that learning the data feature through CNN while learning the session flow feature through LSTM.Optimizing the input data in the experiment ensures accuracy and learning efficiency,and improves the practical value.The experiment result shows that this method not only reaches a more accurate level in detection rate and false alarm rate,but also doubles the learning efficiency,meets the design goal and is close to the practical use.