Research On Fast Classification Technology For Network Intrusion Detection Based On Elm

With the rapid development of information technology,the security situation of cyberspace is becoming more and more complex,and the means of network intrusion are becoming more diversified,which brings great challenges to the network security environment.In recent years,machine learning-based intrusion detection technology is a hot topic of research.It can detect and identify abnormal network traffic and break the limitation of traditional feature-based knowledge base detection methods,but there are still some problems.On the one hand,the classifier models trained by these machine learning algorithms are too complicated,the training time is too long,and the time overhead is large;on the other hand,these methods are too low for a few types of attack samples to achieve fine-grained recognition detection.Aiming at the problems existing in the current network intrusion detection,this paper proposes a new fast classification detection method based on H-ELM for unbalanced data in network intrusion detection.Using the H-ELM algorithm which has fast learning classification characteristics and the CSMOTE algorithm which can better reduce the data imbalance,successfully solved: 1)the problem of low classification efficiency caused by complex classifier model and long training time 2)the problem of low classification efficiency caused by imbalance data.The main tasks completed are as follows:1)In terms of classifier training algorithm selection.This paper applies the H-ELM algorithm,which is an improved hierarchical structure based on ELM.The algorithm inherits the advantages of ELM and deep learning,with very fast learning speed and good generalization performance.In this paper,the algorithm is applied to network intrusion detection.The NSL-KDD data set is used for experiments.Compared with random forest,k-NN,ELM and other methods,the final H-ELM has an overall average detection rate of 72.72% and 2.04 s.The total time overhead proves the effectiveness and efficiency of the method,and can achieve the purpose of rapid classification detection.2)In terms of unbalanced data processing.Based on the original SMOTE method,this paper proposes the CSMOTE method based on the CSL technical idea.This method inherits the advantages of SMOTE,avoids the problem of overfitting by synthesizing a few samples,and at the same time filters and optimizes the newly synthesized data.Through experiments,the results show that the data processed by CSMOTE improves the detection rate of at least 20% in both U2 R and R2 L attacks.At the same time,the CSMOTE method proposed in this paper is better than the original SMOTE method in fine-grained detection and recognition.3)In terms of models for intrusion detection.This paper proposes an intrusion detection model based on H-ELM algorithm and CSMOTE technology for unbalanced data.It is successfully solved in the face of the fact that the traditional intrusion detection model faces the imbalance of network traffic data and the inefficiency of the general machine learning method.The problem of low classification efficiency and high time overhead caused by data imbalance in network intrusion detection leads to low classification efficiency.