
Research On The Timeliness And Multi-class Classification Performance Of Network Intrusion Detection Based On Machine Learning

Posted on: 2021-04-29
Degree: Master
Type: Thesis
Country: China
Candidate: D Z Jin
GTID: 2428330611466426
Subject: Communication and Information System

Abstract/Summary:
The rapid development and penetration of networks has brought a lot of convenience to people's lives. At the same time, network security incidents occur frequently, which poses a great challenge to network security technologies. Traditional technologies such as firewalls, encryption and authentication are commonly regarded as static and passive defenses, and they are not sufficient to secure the operation of networks or systems. Intrusion detection systems emerged to make up for the shortcomings of these traditional technologies. They help a system deal with intrusive behavior through active defense and improve the integrity of the information security infrastructure. Recent intrusion detection studies have adopted machine learning algorithms because they reduce the dependence on human experts and are good at learning hidden rules from traffic data, and this has opened up a new research direction for intrusion detection. In this study we intend to expand the application range of machine learning algorithms, so as to further optimize the timeliness, effectiveness and reliability of network intrusion detection. The main research work in this dissertation is as follows.

Firstly, we aim to solve the problem that most existing network intrusion detection systems find it difficult to analyze, in a timely manner, the mass of traffic data produced by high-speed networks. We designed an intrusion detection system with high accuracy and a low false alarm rate. In particular, it is capable of analyzing large-scale traffic data in a short time. To achieve this goal, we proposed and applied two approaches. One approach is to reduce the time consumption of the data preprocessing and decision-making phases of the intrusion detection cycle by taking advantage of the light gradient boosting machine (LightGBM). The other is to make the intrusion detection cycles of traffic data arriving in different time windows work in parallel. The essence of the former approach is local: it reduces the time consumption of certain phases. The latter takes a global perspective: through parallelism, it avoids the delay caused by waiting for the previous intrusion detection cycle to end. We conducted offline experiments on three popular datasets to verify the satisfactory detection performance of the system. In addition, a near-real-time experiment was carried out to further demonstrate its real-time performance.

Secondly, existing machine learning algorithms are prone to perform poorly in the multi-class intrusion detection task when the traffic data is imbalanced. Against this background, we proposed a multi-layer hybrid intrusion detection algorithm named KC-IDS. The main idea of KC-IDS is to decompose the multi-class intrusion detection task into several binary classification tasks, in which multiple machine learning algorithms are utilized. In this way, the classification advantages of various machine learning algorithms are combined to enhance the performance of multi-class intrusion detection. The basic machine learning algorithms used in this research work include K-Nearest Neighbor (KNN) and Categorical Boosting (CatBoost). Comparison of the experimental results with some existing research verified the advantages of KC-IDS in the multi-class intrusion detection task.
Keywords/Search Tags: Network intrusion detection, Machine learning, Timeliness, Multi-class intrusion detection task