Research On Intrusion Detection Technology Based On Evolutionary Computation And Deep Learning

The rapid development of Internet technology has brought convenience to people's production and lifestyle,and it has also increased the security threats and security risks of the network.Intrusion detection technology is an effective network security protection method.It uses machine learning and evolutionary calculation methods to analyze and process system log data or information obtained from the network to discover the network behavior of the monitored entity that violates security.This facilitates effective protection of the network or computer.This paper relies on the national key research and development project “Research on Management and Control Technology for Network Public Service and XX”(2017YFB0803201).In view of the network security problem in the current complex network environment,the intrusion detection technology is used to protect the network.This paper studies three aspects that affect the performance of the Intrusion Detection System(IDS).Firstly,the intrusion detection has high dimensional feature data which greatly affects the speed at which IDS identifies abnormal traffic.Secondly,the accuracy of IDS for detecting abnormal traffic is low under massive network data.Lastly,there are a large number of false positives in the intrusion detection alarm data.Thus,the deep belief network model in deep learning and some typical methods of evolutionary computation are applied to intrusion detection,aiming to improve the performance and efficiency of IDS to identify network anomaly data.Specifically,the main research results of this paper are as follows:1.Focused on the problem of high data feature dimension in intrusion detection,we propose a feature selection method based on improved particle swarm combined tabu search(IPSO-TS).The genetic algorithm is used to improve the search mechanism of particle swarm optimization algorithm,which is beneficial to increase the search mode of particle swarm optimization and obtain the initial optimal solution of feature selection.The domain function of tabu search is designed based on double random position transform,and the global optimal solution of feature subset is obtained by performing a tabu search on the initial optimal solution.The experimental results based on the KDD CUP 99 dataset show that compared with Particle Swarm Optimization(PSO),genetic operator optimization PSO(CMPSO)and PSO union Tabu Algorithm,IPSO-TS reduces features by at least 29.2%,shortens the average detection time by at least 15%,and improves the average classification accuracy by at least 2.96%.2.For the problem of low classification accuracy of intrusion detection under massive network data,we design an evaluation standard combining intrusion detection performance index and Deep Belief Network(DBN)model structure.Based on this standard,we propose DBN classification model construction and optimization algorithm for intrusion detection.Firstly,we design a PSO algorithm based on adaptive inertia weight and learning factor.Secondly,the PSO algorithm is optimized by clustering behavior and foraging behavior of fish swarm to find the initial optimal solution.Then,based on the initial optimal solution,the sliding window optimization PSO algorithm is used to search the global optimal solution.The experimental results show that compared with other DBN classification model optimization algorithms,the proposed optimization algorithm shortens the average detection time by at least 7.5%,increases the average classification accuracy by at least 0.93% and reduces the average false positive rate by at least 0.23% on the premise of increasing the average training time by up to 5.0%,which proves that it is an efficient and feasible intrusion detection model optimization algorithm.3.Aiming at the problem of a large number of false positives in intrusion detection,we propose an improved PSO algorithm based on DBN-based false positives elimination model.The PSO search method is improved by gradient descent method.The fitness evaluation standard combining the false alarm elimination index and the DBN network structure is used in the intrusion detection to improve the performance of the intrusion detection system.The experimental results show that the elimination rate of the algorithm is 16.78% and 11.61% higher than the improved fuzzy C-means(FCM)and improved K-means(K-means)algorithms respectively.The error elimination rate is 6.475% and 3.142% lower than the improved FCM and the improved K-means algorithm respectively,which proves that it has good false positive elimination effect.