Research On Network Intrusion Detection Technology Based On Machine Learning

After decades of development,the Internet has penetrated into all fields of society.Along with it are all kinds of cyber intrusions,which happen almost every day.As a branch of computer security,intrusion detection aims at automatically and effectively detecting the intrusion traffic in the network and timely warning.Network intrusion detection based on machine learning is to model the problem of network intrusion detection into a classification problem for network traffic,so as to use some machine learning methods to train the classification model,make classification prediction,and then identify the intrusion traffic.The training of machine learning first needs to learn the features of the network flow,but the network flow has many dimensional features.Using too many features will not only affect the learning efficiency,but also may cause dimensional disaster and seriously affect the effect of training the classifier.Therefore,this paper proposes a feature selection method called CFS-BSFLA,which uses the measure based on feature correlation to evaluate the feature subset,and uses the improved shuffled frog leaping algorithm to search,so as to screen out a better feature subset.By the simulation on the dataset called CIC-IDS 2017,the feature subset filtered out is used in the common machine learning classification algorithms such as naive bayes,decision tree,KNN and random forest.CFS-BSFLA is compared with other commonly used feature selection algorithms,such as information gain and information gain rate,and the result show that the method has good effect in decision tree,random forest,and KNN.Because most of the network flow is normal flow and only a small part is intrusion traffic,data imbalance is a serious problem in network intrusion detection.In order to solve this problem,this paper proposes a dual boundary based sampling method,combining with clustering analysis and the analysis of category boundaries.Finally,simulation verification was carried out on the CIC-IDS 2017 dataset and compared with the random sampling method to verify the effectiveness of the sampling algorithm.