Network Intrusion Detection Based On Deep Learning

Intrusion detection is one of the most important parts for cyber security to prevent computer systems from malicious attacks and being compromised.With the emergence of numerous sophisticated and new attacks in recent years,however,network intrusion detection techniques are facing several significant challenges.For example,traditional intrusion detection technologies still have high false negative rates and false alarm rates,and feature engineering-based machine learning algorithms would fail to work or inefficient facing the new types of attacks.In addition,deep learning techniques have shown extraordinary capabilities in various application fields.It is quite potential and promising to solve the problems existing in current network intrusion detection technologies and to apply deep learning methods in the large-scale and real-world network environments.The main work of this paper is as follows.(1)Due to the high cost of obtaining a large number of labeled network data and the problems existing in the hand-crafted features of network intrusion,this paper proposes an intrusion detection method based on session and stacked denoising autoencoders.First,aiming at the problem of intrusion detection benchmark datasets based on feature engineering,this paper proposes a data preprocessing approach based on session.This method extracts a small amount of information from the raw network packet header and selects the payload data of the network application layer of packets to construct the training samples based on the current attack characteristics.It has the advantages of simplicity and flexibility.Second,the stacked denoising autoencoders have a strong robustness to the lost data.This paper presents an intrusion detection method based on stacked denoising autoencoders.This method can automatically learn important hierarchical features from a large number of unlabeled raw network traffic to obtain high detection rates.Comparative experiments show that the method can achieve incredibly high performance to detect botnet network traffics.(2)Aiming at the problems of fully connected neural networks,this paper proposes an intrusion detection method based on the dilated convolutional autoencoders algorithm.The dilated convolutional autoencoders combine the advantages of unsupervised learning algorithms and convolution neural networks.Dilated convolution greatly improves the efficiency of training the neural network without increasing the cost of calculation and loss of information.The effectiveness of the dilated convolutional autoencoders is evaluated by two types of intrusion detection datasets.The results of Comparative experiments demonstrate that the method achieves considerably high performance.This paper studies the network intrusion detection method based on deep learning to solve many problems existing in the field of network intrusion.We find and solve the problems from the perspective of the practical application.We carry out our research from several aspects,including collection and analysis of raw network data traffics,the session-based data preprocessing approach,and the new deep learning algorithms.The remarkable experimental results prove the effectiveness of the proposed methods.This paper has great guiding significance and practical value for network intrusion detection systems in the large-scale and real network environment.