Research On Intrusion Detection Technology Based On Convolutional Neural Network And SMOTE-Tomek

With the advent of the era of big data and the vigorous development of new network technology,the problem of network security has become increasingly serious.As a realtime monitoring system of network traffic transmission,intrusion detection system can identify abnormal traffic by analyzing the characteristics of network connection data,so as to protect the network environment from attack and intrusion.Traditional intrusion detection methods usually use rule matching to detect intrusion behavior,which can not effectively extract the feature information in data flow,and can not meet the needs of today's network environment in generalization ability,false alarm rate and detection efficiency.So it has important research value to introduce new technology into the field of intrusion detection.In recent years,with the rise of deep learning technology,it has been widely used in various fields.With its own advantages,it has made remarkable achievements in image processing,speech recognition and natural language processing.Convolutional neural network is one of the representative algorithms of deep learning.It can learn independently and extract data feature information effectively by using multi-layer neural network structure.Applying it to intrusion detection can improve the data feature analysis and generalization ability of the system.Therefore,this thesis proposes an intrusion detection model based on convolutional neural network,the specific work is as follows:First,according to the dimensional characteristics of data sets,using onedimensional convolution neural network structure,a convolution neural network model with two one-dimensional convolution layers and one-dimensional maximum pooling layer as the unit module is proposed.By using the Batch Normalization layer and Dropout layer,the convergence speed and anti over fitting ability of the model are accelerated.Then,aiming at the problem of sample imbalance,based on the SMOTE-Tomek method,the sample data is equalized by the way of combination sampling,and then the model is constructed by combining with convolutional neural network,so as to improve the two classification effect of the model and the detection ability of the class with less sample amount under multi classification,and increase the robustness of the model.Finally,aiming at the efficiency of the model in training and detection,this thesis introduces the wrapped recursive feature addition algorithm,uses the feature recursive addition algorithm based on greedy search strategy,combined with the convolution neural network model in this thesis,and finally selects the feature subset that makes the best model detection effect.Using feature subset and convolution neural network to model the data of network connection,the model can improve the efficiency of detection and reduce the consumption of computing resources on the premise of maintaining the detection effect as much as possible.In this thesis,UNSW-NB15 data set is used to verify the effect of the model on the two classification problem.The performance of intrusion detection model is analyzed by several evaluation indexes,including accuracy,detection rate and false alarm rate.The experimental results show that the intrusion detection model proposed in this thesis achieves 92.30% accuracy in the two classification,and the false alarm rate and the false negative rate are 13.32% and 3.12% respectively,which are better than other algorithms.At the same time,the multi classification verification model improves the detection ability for the categories with less samples.Finally,after optimizing the feature set,when the accuracy of the model is only reduced by 1.21%,the training time of the model is reduced by 89.06%,and the detection time is reduced by 16.89%,which greatly improves the detection efficiency of the model.