Intrusion Detection Technology Based On Feature Selection And Incremental Random Forest

The intrusion detection system can better protect network assets against the traditional network environment.However,with the emergence of emerging technologies such as DevOps,containers,and platforms,the topology in the network space is more complicated,business traffic is more onerous,and network service iterations are more frequent.Facing this new situation in cyberspace,several problems implicit in the traditional intrusion detection model are exposed.(1)The concurrency caused by big data environment and cloud environment is high,there are many types of protocols,many network attributes,and large amount of data.The traditional intrusion detection model is difficult to make full use of existing data resources to detect network threats;(2)The network environment change brought about by the DevOps delivery model changes due to the environment of the intrusion detection system.In the face of the rapidly changing network environment,how to ensure that the intrusion detection system can quickly adapt to the new environment and respond to the emerging network Threaten(3)There are contradictory differences in the number of attack behaviors relative to the normal behavior of users.How to train a classifier to detect intrusion behaviors when the difference between positive and negative samples is different.In order to realize an efficient and accurate intrusion detection system,this study carried out the following work:(1)Aiming at the problem of multiple network data attributes,the positive and negative samples and the difference between the old and new samples,a feature extraction method based on fusion features is proposed,which replaces the features extracted from multiple sizes,the features extracted from the flow path,and The original traffic attributes,these high-dimensional features,are merged into new features of low latitude expansion,which improves the adaptability of the intrusion detection system to imbalance problems from the data scale;(2)Aiming at the problem of overfitting in the classifier in intrusion detection,an improved forest-based intrusion detection method is proposed.The network traffic is constructed as a graph structure,and the NetClus clustering algorithm is used to cluster the graph structure.,Get clusters with similar behavior,and then train each cluster separately to get a high accuracy judgment result;(3)Based on the CIC IDS 2018 dataset,the effectiveness of the method proposed here is verified.