Research And Implementation Of Network Intrusion Detection Technology Based On Machine Learning

With the popularity of network applications,network security issues have followed? Network attacks have also evolved toward diversification,complexity,and distribution.The intrusion detection system is the second line of defense discover attacks.It can monitor events in the network in real time and is an active defense technology that compensates for the lack of firewalls.Recently,with the development of machine learning,the existing intrusion detection and processing has a more effective mechanism.In the face of large-scale network data,there are still problems such as low detection accuracy and high false positive rate,and low detection efficiency due to the defects and instability of the machine learning algorithm itself.It is of great theoretical significance and application value to study network intrusion detection technology based on machine learning.The main research works of this paper include:(1)This paper introduces the research background and research significance of network intrusion detection technology,reviews the research status at home and abroad,summarizes the theoretical knowledge related to intrusion detection and machine learning and the common intrusion detection technology,and analyzes the commonly used machine learning algorithms for intrusion detection.(2)In order to solve the problem that network data has a large number of redundant features,which leads to reduce the detection algorithm's efficiency and accuracy,studying the improved random forest(IRF)feature selection algorithm and the support vector machine(SVM)intrusion detection method.The two feature importance measures based on the OOB data classification correctness and the area under the curve replacement are used by the weight voting and adopting sequence backward search strategy to search for the optimal feature subset,which solves the redundancy problem of the data in the experiment.The simulation experiments were designed on the KDD CUP99 dataset,and the experimental results of the detection efficiency and detection accuracy were compared and analyzed.(3)In order to solve the problem that the existing intrusion detection algorithm is not adaptable and the detection accuracy is low,studying based on deep learning multi-model ensemble method.Using stacking technology to ensemble SVM,NB,KNN,DT the four classifiers,solving the ensemble learning technology of weight voting can only learn the linear relationship between classifiers,and overcoming the defects of single classification algorithm.The simulation experiment of five-layer neural network was designed and the experimental results were compared and analyzed.The innovations in this paper include the following:(1)An improved IRF-SVM intrusion detection method is proposed.By improving the random forest feature selection algorithm,the weight voting method is used to combine the two types of feature importance measure based on OOB data classification correctness and area under the curve replacement.Solving the problem of redundant features in network data.The experimental results show that the detection accuracy of Normal,DOS,Probe,R2 L and U2 R is 98.35%,98.72%,97.63%,93.64% and 96.85% on the KDD CUP99 dataset respectively,which is better than the classic SVM model of the detection accuracy.(2)An intrusion detection method based on deep learning multi-model ensemble is proposed.This method integrates four classifiers SVM,NB,KNN and DT through deep learning algorithm,which enhances the stability of the detection algorithm.The experimental results show that the detection accuracy of Normal,DOS,Probe,R2 L and U2 Rd is 99.76%,99.88%,99.42%,98,63% and 98.52%,which is significantly higher than the classification accuracy based on weight voting algorithm.