A Research Of Intrusion Detection Based On Image Processing Within The Framework Of Deep Learning

With the development of the internet,users are facing many network threats while enjoying convenient network services.As a proactive security defense technology,intrusion detection is widely used in the field of network security.It has become the main technique in intrusion detection research that using machine learning method for network anomaly traffic detection.However,the current high-dimensional network data has been exploded and swelled,especially most systems rely heavily on experience to extract effective features,has severely limited the performance of the intrusion detection system.So this problem is worth studying.In recent years,image classification technology based on deep learning has performed well in the extraction of image features,data dimensionality reduction,and image recognition.Image classification technology has also brought new opportunities for the research of intrusion detection technology.This thesis explores the combination of image classification and end-to-end learning,attempts to transform the original traffic into image,and constructs a suitable deep learning model to directly learn the spatial features or temporal features of the network data from the images,avoiding the loss of original feature information caused by human factors,and the overall performance of the system could also be improved,too.The main work and innovation of this thesis are as follows:First of all,this thesis proposes a new method for intercepting raw traffic.This method directly splits the data packets in the original traffic into quintuples into streams,and vectorizes the stream data to extract the first 1600 bytes of data containing rich feature information in the stream.Because the original traffic contains rich features that can be classified and identified,compared with feature engineering,the method in this thesis can retain more useful feature information.Subsequent experiments show that the way which the model learns features from the original traffic can reduce the overall calculation amount of the model and improve the classification performance of the model.Secondly,this thesis explores the combination of image processing and the above traffic interception method.After preprocessing the original traffic data,the traffic data is converted into grayscale images through image processing technology,so that the problem of abnormal traffic recognition is transformed into image classification problem.Thirdly,the thesis try to input the original traffic images into the three new models: MD-CNN(Maxpooling and Dropout Convolutional Neural Network),TLS-LSTM(Three-layer Stacked Long Short-term Memory)and CNN-LSTM.Among them,the MD-CNN model learns the spatial features of the original traffic by optimizing the convolutional neural network(CNN);The TLS-LSTM model learns the temporal features of the original traffic by constructing a deep long short-term memory(LSTM);the CNNLSTM model uses MD-CNN and TLS-LSTM are cascaded to the same layered network,making full use of the structured information of the original traffic to learn the spatial features and temporal features of the original traffic at the same time.Finally,this thesis conducts experiments on the new CICIDS2017 dataset.The experimental comparison with typical deep learning models and traditional machine learning models shows that the three models in this thesis have greatly improved classification performance,and the models can quickly converge.Among them,the classification accuracy of the MD-CNN model reaches 91.8%,the classification accuracy of the TLS-LSTM reaches 91.5%,and the classification accuracy of the CNN-LSTM model is as high as 93.9%,which proves that the hierarchical network has a better effect on the characteristics of the original traffic.In addition,the impact of data packets on model performance is explored,the feasibility of the traffic interception scheme is verified,and the end-to-end learning of the original data traffic is reasonable in this thesis.