Research On Network Intrusion Detection Based On Ensemble Learning

The vigorous development of network not only facilitates people's life,but also brings many security problems:from invading personal computer to pry personal privacy,disclosing personal information,to attacking enterprise network service system,causing system paralysis,endangering social and economic activities.Therefore,it is urgent to adopt effective network security defense means to adapt to the increasingly rampant hacker technology today.In recent years,with the improvement of computing power,machine learning has been fully developed in the field of network intrusion detection Compared with the traditional network security defense technology,it has the advantages of intelligence and flexibility,especially the ensemble learning,which solves the lack of generalization ability of a single algorithm.This article includes(1)This paper expounds the research background and significance of network intrusion detection,analyzes the current situation of network development and the research status of network intrusion detection at home and abroad(2)The basic network intrusion detection methods and basic machine learning knowledge are summarized(3)Aiming at the problem of imbalanced data classification in network intrusion detection application scenarios,KIBSMOTE algorithm is proposed to solve the problem of low detection rate on minority samples such as U2R and R2L type data.By synthesizing minority samples artificially,the decision boundary of minority samples is enhanced,and the number of positive and negative classes is balanced by undersampling majority samples in K-means cluster.The comparative experiment is taken into account and the corresponding index analysis is carried out(4)Aiming at the problem of low detection rate and high false alarm rate of single machine learning algorithm,this paper proposes a network intrusion detection framework based on ensemble learning,which trains multiple learners,fully learns the sample information of data set,combines multiple learners through effective methods,and designs the experiment and the research comparison in the same fieldThe innovation of this paper lies in:(1)KIBSMOTE algorithm is proposed.This algorithm uses oversampling and undersampling technology to obtain the balanced data set,improves SMOTE algorithm,and integrates K-Means algorithm:first,it uses the boundary minority samples and their adjacent samples to synthesize the minority samples artificially,increases the number of boundary minority samples,improves the method of SMOTE algorithm to synthesize the minority samples,so that the synthesized minority samples evenly distributed.In addition,K-Means algorithm is used to undersampling majority samples in the cluster,so that the samples in the sparse area can also be sampled.Experiments show that KIBSMOTE algorithm can effectively improve the detection rate on U2R and R2L(2)A new ensemble learning framework for network intrusion detection is proposed Firstly,the framework adopts the training method of boosting for basic learners,which is initialized to give the same sampling weight to training samples.According to whether the classification of learner is correct or not,the sampling weight of the sample is reduced or increased.the voting weight of the learner is set according to the error of each learner Secondly,the framework will give each type a detection module,each detection module corresponding to a two-classification problem,and in R2L,U2R detection module using KIBSMOTE algorithm.Experiments show that the ensemble learning framework of network intrusion detection has better effect than single classifier.