An Intrusion Detection Method Based On Deep Learning

The rapid development of computer networks not only facilitates people's work,study and life,but also becomes one of the important characters of the era of artificial intelligence.This is because the realization of the world's interconnection has long been a dream of people,and people are trying to achieve this dream.However,due to the inherent defects of computer systems,security issues are constantly emerging.Various security vulnerabilities,viruses,and illegal intrusions against computer systems have caused more or less damage.The arrival of the era of big data will increase the possibility of computer system intrusion,and the intrusion methods are also extremely diverse,which increases the difficulty of protecting computer systems.Introducing machine learning methods into the field of intrusion detection is an ongoing topic of innovation.In recent years,with the popularity of deep learning,not only artificial intelligence has been pushed to the climax,but also the intrusion detection method based on machine learning has been expanded.Compared with the traditional shallow learning method,the most important character of feature extraction using the deep learning method is that it does not need to manually select features,which is both an advantage and a disadvantage.The advantage is that the deep learning can automatically extract features,but the potential disadvantage is that the feature extraction mode of the deep learning method is similar to a "black box",and it is difficult for people to understand the structure.Therefore,complementing the deep learning method with the traditional shallow learning method in feature extraction can help improve the classification performance of the classifier.The finished work of this thesis are as follows:Firstly,A piecewise kernel function P-RBF is proposed.The kernel function is still based on the RBF kernel,but the piecewise transformation is performed according to whether the deviation in the sample of the feature is zero: when the deviation in the sample of the feature is not zero,the feature embedding the mean and the deviation are normalized,and such a transform is performed;when the deviation of the feature is zero,the feature is directly valued to 0 to make the character converge.In the intrusion detection method based on support vector machine,the P-RBF kernel and the RBF kernel are selected,and their detection rate,accuracy and false positive rate are compared.Experiments show that the piecewise kernel function is selected in the intrusion detection method based on support vector machine,which can help to overcome the excessive difference of feature values through piecewise transformation,and can improve the accuracy,detection rate and false positive rate.Secondly,based on the SVM-based intrusion detection method,stacked autoencoder(SAE)is introduced as the feature extractor,and the feasibility of the SAE-SVM method is explored.In the SAE-SVM method,two different kernel functions,the piecewise kernel function P-RBF and RBF,are still selected.Experiments show that for the SAE-SVM method,although SAE is used as the feature extractor to improve the detection performance by dimension reduction,the piecewise transformation mechanism of the piecewise kernel function also reduces the magnitude difference interior of the features and between features.The SAE-SVM-P-RBF method works best in the SAE-SVM method.Lastly,in order to explore the feasibility of the hybrid feature extraction method,the random forest(RF)is used to sort the 41 original features by importance and remove the feature with the lowest importance.Considering that the piecewise kernel function P-RBF has good effect in the SAE-SVM classification method,the features of the preliminary processing are extracted by stacked autoencoder and classified by support vector machine,and the piecewise kernel function P-RBF is selected in the support vector machine.Experiments show that after removing the least important features,the hybrid classification method RF-SAE-SVM-P-RBF can reach the best accuracy,detection rate and lowest false positive rate compared to four methods above.