Design And Implementation Of Intrusion Detection System Based On Deep Learning

With the rapid development of information technology,the network environment is also deteriorating rapidly,various forms of attacks emerge in endlessly,network security problems are increasingly prominent,strengthening the construction of network security defense is imperative.In order to solve all kinds of security problems,a lot of detection and defense methods are proposed,including firewall construction,network authentication mechanism,malicious code detection,intrusion detection and so on.As a kind of active defense,intrusion detection is an important means to discover potential network threats in time and formulate reasonable defense strategies.It is a common detection technology in network security,and plays an important role in network security.It is of great significance to strengthen the research on intrusion detection.Existing intrusion detection is based on feature matching and needs to extract features manually.With the advent of the era of big data,this kind of method can't play a good role in dealing with massive data.Therefore,more and more attention has been paid to the research of deep learning algorithm in the field of intrusion detection.It has the ad vantage of learning features from the original data and avoids manual extraction.However,in the process of model training,there are problems of slow training speed and difficult convergence,which may lead to low accuracy and high false alarm rate.And the existing data set has some problems such as data imbalance,which makes the existing intrusion detection methods not accurate when judging the categories with less data.To solve the above problems,this paper proposes a CNN-BiLSTM intrusion detection model based on convolutional neural network and bidirectional short-term memory network.In this model,the imbalance data set is oversampled,which reduces the data gap between data categories,improves the performance of intrusion detection model,improves the existing detection methods,and makes up for the shortcomings.The main work of this paper is as follows:1.The KDDCUP99 data set is analyzed and the data imbalance is found.The existing intrusion detection model has a great bias to most kinds of data,which will have a certain impact on the experimental results.This paper mainly deals with unbalanced data sets from two aspects.One is to use smote method to over sample data,so that the data distribution can reach a balance.The second is to use the optimized loss function to optimize the classifier at the algorithm level,so as to solve the problem of unreasonable data distribution,make the classifier pay more attention to the samples with higher cost of misclassification,and improve the detection performance of unbalanced intrusion data.2.In the field of intrusion detection,the research of using deep learning algorithm is more and more extensive.Compared with the traditional intrusion detection based on machine learning,the performance of deep learning based intrusion detection has been greatly improved.However,there are some shortcomings in the process of model training,such as slow training speed,difficult convergence,potential useful information easy to lose,no long-term dependence on information for learning,It may lead to low accuracy and high false alarm rate.In view of the above problems,this paper proposes a detection method which combines convolutional neural network and bidirectional short-term memory network.Firstly,the KDDCUP99 data set is preprocessed,including digitization,smote oversampling equalization and normalization to make it meet the input format requirements of the detection model;secondly,CNN is used to convolute the sample data to extract local features;then LSTM is used to learn the long-term dependency information from the front and back directions;finally,softmax is used to classify and focal is used in softmax layer Loss function optimizes the model.This method considers the temporal and spatial correlation of intrusion data,can mine the unknown features and internal dependence between data,improve the accuracy of network intrusion detection and reduce the false alarm rate.3.This paper studies and implements the proposed intrusion detection model,designs and implements the intrusion detection system based on the proposed intrusion detection model,and describes in detail the requirements analysis,overall architecture design,functional design and design and implementation of each module of the system.The experimental results show that the proposed CNN-BiLSTM intrusion detection model has a higher detection rate and a lower false positive rate,with an accuracy of94.27%and a value of93.77%compared with other existing models.