Research On Intrusion Detection Of U2R And R2L Type Based On Log Data

It leads to an increase in the demand for data security that a large amount of important data is published on the internet.It is the key to data security that data should be prevented from being accessed illegally.Unauthorized access attacks are the main channel for illegal access.The way to detecting unauthorized access has aroused wide concern.The U2 R and R2 L types account for a relatively small proportion of the original network log data traffic because of their low frequency of occurrence.The detection accuracies of the U2 R and R2 L types are both relatively low under existing conditions.This thesis takes U2 R and R2 L intrusion types as detection targets and proposes a solution based on machine learning to improve the detection accuracy of the two intrusion types.It is the reason for a two-step detection model proposed in this solution that the network log has the characteristics of time series and the proportion of U2 R and R2 L types is relatively small.First,the solution increases the proportion of target data in the data set.Second,the model proposes an HMM-based detection algorithm to distinguish between U2 R and R2 L types.(1)Dealing with data imbalances.This thesis proposes a feature selection method based on the SCM integration strategy for feature selection.The data is subjected to an integrated learning detection algorithm based on the K-medoids algorithm and the DNN algorithm to eliminate most of the non-Target data.(2)U2R and R2 L type detection.This thesis selects features based on the feature selection method of the RCM integration strategy,and proposes two different detection algorithms: one is to classify the data using the SVM algorithm after HMM processing.The other is to integrate the Logistic Regression algorithm into the HMM to form an new algorithm to classify the data.These two algorithms are used to process the data respectively,and the results are integrated using integrated learning methods to improve detection accuracy.This thesis verifies the proposed solution using the public data set NSL-KDD.Although the overall accuracy of the solution proposed in this thesis is slightly lower than related research,the accuracy for U2 R and R2 L types is higher than that in related research.The experimental results proves the effectiveness of the proposed solution.