Research On Intrusion Detection Technology Based On Machine Learning

Posted on: 2019-05-11
Degree: Master
Type: Thesis
Country: China
Candidate: J Wang
Full Text: PDF
GTID: 2428330572950218
Subject: Computer system architecture
Abstract/Summary:
With the continuous development of computer and network information systems, Internet-based business has shown an explosive growth trend. The protection of network information systems, especially sensitive information systems, has become a major bottleneck restricting their further development. Technologies such as anti-virus software, firewalls, and intrusion detection protect the security of network information systems from multiple dimensions, namely the system, the network boundary, and behavior detection. However, the uncertainty and complexity of user and system behavior have made the use of traditional intrusion detection methods a challenging task. In recent years, with the continuous evolution of artificial intelligence technology, intrusion detection research based on data mining and machine learning has achieved remarkable results. Although this research progress has improved intrusion detection technology in performance, accuracy and false positive rate, the field is approaching a bottleneck. As a result, the research emphasis in intrusion detection has turned to extracting more representative features for normal connections and to detecting attacks effectively.

In view of the above problems, this paper designs a feature-oriented intrusion detection system based on machine learning. First, the system, which is based on the CANN architecture, makes use of the cluster center and nearest neighbor sample method: it uses a clustering algorithm based on fast search of density peaks to extract the cluster centers of the data set, redefines the cluster centers, and then determines the nearest neighbor of each sample in the training set. Note that a given data sample and its nearest neighbor must belong to the same cluster. Next, two distances are measured and summed: the first is the distance between each data sample and its cluster center (dist1), and the second is the distance between the sample and its nearest neighbor in the same cluster (dist2). Finally, the original multi-dimensional feature dataset is transformed into a new one-dimensional distance-based feature dataset. This method uses the cluster center and the nearest sample to classify and analyze the test data. It also reduces the dimension of the data and improves detection efficiency.

Based on the NSL-KDD data set, a series of experiments were performed using the KNN classification method. Experimental results show that the CANN architecture-based intrusion detection system proposed in this paper performs well in terms of the accuracy, detection rate and false alarm rate assessment indicators. Compared in simulation experiments with the traditional K-nearest neighbor algorithm and a support vector machine reference classifier, the proposed method has obvious advantages in detection rate and accuracy for the frequent data categories Normal, DoS and Probe.
Keywords/Search Tags:intrusion detection system, anomaly detection, feature representation, cluster center, nearest sample
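
The transformation the abstract describes, as an added example that is not code from the thesis: density-peak clustering picks the cluster centers, each sample is reduced to dist1 + dist2, and a KNN vote runs on that one-dimensional value. The Gaussian density kernel, the `dc` width, the nearest-center rule for test samples and the 2-D sample data are assumptions made for the illustration.

```python
import math

def density_peak_centers(X, k, dc):
    """Density-peak clustering: return k center indices and a cluster label per point."""
    n = len(X)
    d = [[math.dist(a, b) for b in X] for a in X]
    # Local density with a Gaussian kernel of width dc (dc is a tuning assumption).
    rho = [sum(math.exp(-(d[i][j] / dc) ** 2) for j in range(n) if j != i) for i in range(n)]
    order = sorted(range(n), key=lambda i: -rho[i])  # densest first
    delta, parent = [0.0] * n, [-1] * n
    delta[order[0]] = max(d[order[0]])
    for pos, i in enumerate(order[1:], 1):
        parent[i] = min(order[:pos], key=lambda j: d[i][j])  # nearest denser point
        delta[i] = d[i][parent[i]]
    # Centers are dense AND far from any denser point: largest rho * delta.
    centers = sorted(range(n), key=lambda i: -rho[i] * delta[i])[:k]
    label = [-1] * n
    for c, i in enumerate(centers):
        label[i] = c
    for i in order:  # remaining points inherit the label of their nearest denser point
        if label[i] < 0:
            label[i] = label[parent[i]]
    return centers, label

def cann_feature(x, center, members):
    """dist1 (sample to its cluster center) + dist2 (sample to nearest sample in that cluster)."""
    others = [math.dist(x, m) for m in members if m is not x]
    return math.dist(x, center) + (min(others) if others else 0.0)

def fit(X, k, dc):
    idx, label = density_peak_centers(X, k, dc)
    clusters = [[X[i] for i in range(len(X)) if label[i] == c] for c in range(k)]
    feats = [cann_feature(x, X[idx[l]], clusters[l]) for x, l in zip(X, label)]
    return [X[i] for i in idx], clusters, feats

def transform(x, centers, clusters):
    # Assumption: a test sample joins the cluster of its nearest center.
    c = min(range(len(centers)), key=lambda j: math.dist(x, centers[j]))
    return cann_feature(x, centers[c], clusters[c])

def knn_predict(f, feats, y, k=3):
    votes = [y[i] for i in sorted(range(len(feats)), key=lambda i: abs(feats[i] - f))[:k]]
    return max(set(votes), key=votes.count)

# Constructed 2-D data: a tight "normal" cluster and a looser "probe" cluster.
X = [(0, 0), (0.1, 0), (0, 0.1), (-0.1, 0), (0, -0.1), (5, 5), (6, 5), (5, 6), (4, 5), (5, 4)]
y = ["normal"] * 5 + ["probe"] * 5
centers, clusters, feats = fit(X, k=2, dc=1.0)
```

The feature keeps only distances inside a sample's own cluster, so the constructed data separates because the two clusters differ in spread; clusters of similar spread would yield similar values.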