Research On Network Intrusion Detection Method Based On Bi-LSTM

With the advent of the Internet age,information integration plays a very important role in today's Internet age,greatly improving people's daily lives,and at the same time bringing huge security risks to people's lives.Important information about people can be potentially jeopardized by hackers,viruses or malware,which can seriously threaten the security of personal information and property.In order to protect people's information and property security,try to avoid illegal intrusion attacks causing various harm to people's information.More and more researchers are working on cybersecurity systems research.So far,the most popular and widely used network security system is IDS(Network Intrusion Detection System),which has achieved good results in preventing,blocking attacks and illegal intrusion.The system is based on existing Set a security policy by detecting the required software installation,purifying the computer's working environment,and detecting the external network environment.To protect your computer,try your best to discover and destroy them before they are attacked and intruded to ensure the security of your computer system.There are still many security flaws in the IDS system.The research objectives of this paper are twofold: 1 to improve the accuracy of network intrusion detection;2 to reduce the false positive rate of network intrusion detection.In order to achieve these two goals,the advanced technology in deep learning is used in the field of network intrusion detection,and an optimization model combining convolutional neural network and bidirectional long-term and short-term memory network is designed for network intrusion detection system.In addition,in order to improve the detection performance of the convolutional neural network in the model,the attention mechanism in deep learning needs to be applied to the model.By using the advantages of convolutional neural network in deep learning to extract local features,and integrating the two-way long-term and short-term memory network with memory ability on the basis of the network,the intrusion behavior is better detected,and a feasible method for intrusion detection is proposed.The experimental results show that the network model combined with the convolutional neural network and the two-way long-term and short-term memory network can detect the network intrusion behavior,which provides a better idea for the network intrusion field.Secondly,the advantages of convolutional neural network algorithm and two-way long-term and short-term memory network in processing data and their respective defects are analyzed respectively: the problem of incomplete feature extraction and long-distance dependence of network data traffic nodes,and the problem of low classification accuracy Detect high false positives.An intrusion detection method combining convolutional neural network and bidirectional long-term memory network is proposed,and the attention mechanism is introduced.The method firstly preprocesses the KDDcup99 data set to make the data meet the input format requirements of the convolutional neural network model.Secondly,it uses the convolutional neural network to extract the local features and parallel features.Then the long-distance memory is used for long distances.Dependent feature extraction;then use the attention mechanism to calculate the importance of each feature;finally input to the softmax classifier to obtain the classification results.In order to test the performance of the model designed in this paper and other classical models,comparative experiments were performed in the same experimental environment using the recognized KDD CUP99 data set.In addition,the experiment also selected the input dimension,the convolution kernel size and the number of memory modules in the bidirectional long-term and short-term memory algorithm,so as to train the best experimental parameters and compare them with other methods.By comparing the detection rate and false positive rate of five types in KDD CUP99,according to the analysis and comparison experiment results,the model not only has faster convergence rate than the CNN and LSTM models,but also the average false detection rate is reduced by 1.5%.The rate is increased by an average of 1%.Therefore,the network intrusion detection method proposed in this paper provides a better idea for the field of network intrusion detection systems.