| Today's Internet is being presented to us in a ubiquitous trend,and hackers use the ubiquitous connection of the Internet to launch cyber attacks,so intrusion detection plays an increasingly important role in contemporary Internet security.The traditional intrusion detection algorithm prevents the intrusion by establishing a detection rule base.This involves not only the rule base management problem but also a large amount of manual participation,which leads to problems such as low accuracy.The emergence of machine learning provides new ideas for solving intrusion detection problems.However,there are still two problems in machine learning algorithms.One is the identification of small samples in the case of uneven distribution of sample categories,and the other is how to identify new attacks that do not appear in training samples.In view of these two points,this thesis mainly does the following works:(1)A small sample intrusion detection algorithm based on data enhancement technology and convolution residual neural network is studied and implemented.The method comprehensively considers the advantages of each machine learning algorithm.On the basis of fully learning the distinctive distinguishing features of the convolutional neural network,the improved data enhancement technique is used to balance the proportions of each category in the sample and the residual network is used to solve the problems of network degradation and gradient disappearance when the number of layers of convolutional neural network increases.By comparing the intrusion detection algorithms similar to the evaluation criteria in this thesis,the algorithm used in this thesis improves the recognition rate of small samples in unbalanced samples.(2)An unknown attack detection algorithm based on zero-shot learning is proposed and implemented.A key point of zero-shot learning is to obtain the high-dimensional semantic features of the sample.This thesis uses word2 vec to transform the collected semantic description of these attacks into vectors to replace the high-dimensional semantic features of the samples.Then,the mapping relationship between attacking original features and attacking high-dimensional semantic features is generated by using the automatic encoder in deep learning.Finally,the feasibility of zero-shot learning in the field of unknown attack detection is verified by experiments.Based on the above two algorithms,this thesis designs and implements the intrusion detection system.The system fully considers the real network environment.Firstly,the data packet is captured by the acquisition script.Then,it analyses whether there is intrusion in data packets through pretreatment module and attack recognition module.Finally,it visualizes the results of system analysis through visual interface.The system can not only monitor the security status of the server in real time,but also detect whether there is a threat in the data packets uploaded by users. |
PDF Full Text Request