The Research On Network Intrusion Detection Technique Based On Ensemble Learning And Semi-Supervised Learning Methods

Network intrusion detection system(NIDS)is considered as an important part to ensure the network security.Meanwhile,the technology attracts more and more attention.In recent years,many Machine Learning-based(ML-based)approaches are applied in NIDS to construct a data-driven model.This kind of approaches is helpful to reduce the cost of artificial identification.However,there still exists some problems.First,the quality of raw data is uneven.The most common data in the network is traffic data and the amount of traffic data is huge.Since the traffic data contains most redundant terms and noises,the performance of detection model becomes worse with the training by the raw data.Second,when the detection model is built,the training model can merely detect the unknown attack pattern.This is because the distribution of data is always imbalance,and there is lack of attacks in the raw traffic data.Due to this reason,the generalization ability of detection model will become weak and the detection performance will become worse.Third,most of ML-based methods adopt either supervised learning or unsupervised learning approaches to generate model.However,merely using unsupervised learning method will cause the lower accuracy and higher false alarm rate due to the lack of labeled data.Meanwhile,using the supervised learning method also brings some problems,like the weak ability to detect novel attack.Besides,when the labeled data is rare,the performance of supervised learning approach also becomes worse.In order to solve the problems above,this paper firstly proposed a data processing method for the traffic data.In this method,the PCA is used to compress the data and the clustering algorithm is adopted to sample the data.In this way,the redundant terms and noise will be removed and the training process will be more efficient.Next,this paper presents a broaden learning-based ensemble model,namely Broaden Learning-based Ensemble Tree(BLET).In order to refine the imbalance of traffic data,the BLET algorithm employs the weighted decision tree as the basic classifier.Then it integrates all the basic classifiers with the broaden learning method.This method will improve the generalization ability of the detection model.To further improve the detection performance,this paper proposed a semi-supervised learning approach,namely Fuzziness-based Semi-Supervised Learning Tree(FSSLT).FSSLT algorithm can solve the problem brought by the supervised learning and unsupervised learning approaches,and also the lack of labeled data.Finally,through a series of comparison experiments,the proposed methods deliver a promising result.Besides,the proposed methods are outperformed in comparison with the other new intrusion detection methods.