| With the development of network technology and popularity of internet,network security issues have became more and more severe,while intrusion detection system(IDS)can identify attack behavior by analyzing the characteristics of network connection data to meet the security requirements when network information transmitted.Traditional intrusion detection algorithms identified intrusion behaviors by mining association rules manually,which usually led to insufficient extraction of features in user behavior,as well as high false detection rate,poor generalization ability and poor timeliness.Therefore,research on using new technology to improve intrusion detection algorithm made great significance.Convolutional neural network(CNN),a deep learning algorithm,simulatting the multi-layer neural network of the human brain possesses the ability to understand complex information.Applying the structure to IDS promoted understanding complex relationships in network connection data characterization,and made it possible to extract more valuable information for identifying abnormal data by autonomous learning.Based on above principles,this dissertation proposed an IDS model based on LeNet-5,which used for network audit data.The model could exploit potential relationship between data traffic characteristics and network attacks and calculate the bias caused by complex behaviors for feature extraction in intrusion detection systems,thus to correct intrusion detection results.The main contributions of this thesis are as follow:Firstly,we proposed an improved LeNet-5 structure with double convolutional layer and one pooling layer as a small unit,which strengthen the ability of learning the characteristics of intrusion behavior.Secondly,we constructed a LeNet-5 detection model based on optimized effective feature sets.Information entropy was used to calculate the correlation between feature attributes and intrusion behavior,what is more chi-square hypothesis testing was used to calculate the significance of impact on intrusion detection results,and are used after removing redundant features.After removing the redundant features,the convolutional neural network was used to model the network audit data,which made more accurate features extracting,less computational complexity and higher detection efficiency.At the same time,the reduced-dimension sampling algorithm in the LeNet-5 intrusion detection model was improved,while a dynamic adaptive pooling algorithm was adopted.When the characteristics of network connection data are reduced in dimension,the optimal value could be obtained in a dynamically adaptive manner according to the current operation domain.Compared to traditional max-pooling,loss of intrusion behavior information caused by reduced-dimension sampling process was reduced considerably.Finally,groups of experiments were made based on KDD CUP99 data set to test and verify models proposed in this paper,covering IDS based on LeNet-5 and series of improved models.Evaluation indicators including detection rate,false alarm rate,recall rate and detection accuracy demonstrated the result.As it shown,detection rate of the final model was 99.35%,and the false detection rate was 0.64%. |
PDF Full Text Request