
Machine Learning Method And Application In Network Intrusion Detection

Posted on: 2020-12-06 | Degree: Master | Type: Thesis
Country: China | Candidate: R S Hu
GTID: 2428330572472155 | Subject: Electronics and Communications Engineering
Abstract/Summary:
Since the end of the last century, China's Internet industry has developed rapidly, and the number of netizens in China has approached an astonishing 900 million. However, network security problems are emerging one after another. Viruses damage computer systems, Trojan horse backdoors tamper with hosts, spam floods mailboxes, and DoS attacks distributed around the world are countless. From individuals to countries, network security is an urgent problem to be solved. Network intrusion detection technology, which began to rise in the 1990s, has become an important means of resisting network intrusion in recent years. Network intrusion detection systems (NIDS) of various scales are widely used in enterprises and governments. However, NIDS have many problems, such as a high false alarm rate, the lack of accurate positioning and processing mechanisms, and generally inadequate performance. The wave of machine learning that has emerged in recent years has brought new vitality to more traditional industries, especially the Internet industry, and machine learning has been explored and applied in more fields. Against this research background, this paper raises the possibility of adding machine learning algorithms to all aspects of network intrusion detection. The specific research content covers the following three aspects: (1) Because network intrusion detection data is high-dimensional and difficult to process, feature engineering from machine learning is applied to the event collection stage of network intrusion detection, reducing the dimension of the intrusion detection data and comparing the characteristics of the feature subsets obtained by various feature selection methods. (2) Because event detection currently relies on fixed rule matching, some classical machine learning classification methods are added in the event analysis stage and combined with the feature subsets obtained by feature engineering; different feature subsets and classification methods are analyzed experimentally to reduce the running time while keeping the detection rate within a certain range. (3) To address the high false positive rate of network intrusion detection, a clustering method is used to eliminate false positives in the event processing stage, and the effectiveness of the clustering method in eliminating false positives is demonstrated experimentally. In summary, the purpose of this paper is to explore the effectiveness and feasibility of applying typical machine learning methods to network intrusion detection. The research is carried out across three stages of network intrusion detection: event collection, event analysis and event response. These correspond to preprocessing and feature engineering, classification methods and clustering methods in machine learning, and the effect of each method is demonstrated by simulation experiments, providing a useful reference for practical applications.
Keywords/Search Tags: network, intrusion detection, machine learning, algorithm