Research On Network Intrusion Detection Technology Based On Machine Learning Method

Nowadays,the Internet application has been popularized.In the large-scale and complex network session access,all kinds of attack means emerge in endlessly,and the traditional intrusion detection system usually gives the alarm that is original and isolated.It is difficult to get some possible connections between the attacks.It is not difficult to meet the security performance of the network environment.Requirement.In recent years,with the development of machine learning methods and deep learning technology,the network security management has introduced more effective response mechanism in the existing network intrusion detection and processing,so this paper has done the following work:1)According to the traditional detection rate is low and easy to cause false alarm of single step attack recognition problem,the gradient of machine learning based on lifting tree(GBDT)integrated detection algorithm with decision tree ensemble algorithm as the base learner,detection and identification of single attack,the algorithm is greatly improved on traditional detection the algorithm generalization ability,in conditions of limited training sample set,to ensure that the test set is relatively independent,to keep a small error.The experiment compares and analyzes the results of GBDT and classical machine learning algorithm and KDDCup99 winner detection rate,and verifies the feasibility of integration algorithm in single step attack recognition.2)For the integrated algorithm based on machine learning on the rare attack detection and recognition step in attack recognition because of the number of categories in the sample gap caused by the attack rate is low and the alarm devices generate a lot of problems of lower influence on the efficiency of the alarm detection system,based on predefined rules and comprehensive correlation model based on attribute similarity based on alarm information fusion the attack,solve the rare low recognition rate and make up a single rule related knowledge base is not perfect or sustained attack caused some alarm scene due to the missing...