Research On Network Intrusion Detection Technology Base On Deep Leaening

The rapid development of the Internet has brought great convenience to the work of individuals,enterprises and governments,and it has become an extremely important part of people's lives and work.However,with the development of the Internet,the problem of network security has become increasingly serious,which has brought many threats to people's lives.Network intrusion detection can detect attack information in the network to reduce losses.As an active detection technology,network intrusion detection is an important part of maintaining network security.Network intrusion detection mainly analyzes traffic data generated by network users to discover attack traffic.Network intrusion detection based on traditional machine learning algorithms requires artificially constructed complex feature engineering,which has been unable to meet the current intrusion detection requirements in the big data environment.In this paper,deep learning is used to construct an algorithm model and the original information of the traffic data is used as the input of the algorithm model for network intrusion detection.The main work of this article are as follows:In order to solve the problem of low overall accuracy of network intrusion detection,this paper proposes a deep hierarchical network model,which cascaded the convolutional neural network and the Long Short-Term Memory network,and could extract the spatial and temporal features of traffic data at the same time to enhance the representation ability of traffic data.Overall accuracy in CICIDS2017 and CTU datasets can reach 99.8%and 98.8%,respectively.In order to solve the problem of unbalanced attack samples in network intrusion detection,a parallel cross network model is proposed in this paper.The upper and lower branches of the model adopt full convolutional neural network and convolutional neural network respectively and feature channel cascade to perform three feature fusion operations in the network.In addition,multiple evaluation metrics are used for each category of attack samples,and the evaluation of each category of attack refers to the introduction of corresponding high-level evaluation metrics to better evaluate the performance of the model.The high-level metric G-Mean on the CICIIDS2017 dataset can reach 99.6%.In order to solve the problem of detecting unknown attacks in network intrusion detection,this paper proposes an algorithm model based on metric learning to detect traffic samples of unknown attack categories.The model outputs a feature embedding vector to represent the distribution of traffic data of different categories,and uses triplet loss function and center loss function to optimize the output feature embedding vector,so that traffic data samples of the same category are closer and traffic data samples of different categories are farther apart.Distinguish between known and unknown attack traffic by setting distance thresholds.The accuracy of the unknown attack detection based on the CICIDS2017 dataset can reach 94.8%.