Research On Detection Technology Of Network Intrusion Behavior Based On Time Series Features

At present,most security organizations have conducted monthly security audits on the Internet in accordance with national security technology standards and confidentiality identification requirements.The role of information system auditing and financial auditing are very similar.Both are important means of finding problems,plugging loopholes,detecting cases,and deterring wrongdoing.Information auditing is an important means to ensure the visualization of the security and confidentiality of the entire industry and to promote the regulation and direction of supervision.However,the current network security and confidentiality audit work cannot effectively discover illegal operations,security events,abnormal events,especially leaks or hidden dangers.The main reasons are: first,the abnormal behavior of the network is hidden in massive data,which is not easy to find by manual review;second,the lack of the network The calculation model of security abnormal events cannot be automated detection.Third,the existing security operation center,network and host audit tools cannot cover the entire network of equipment and applications,and it is impossible to realize the correlation analysis of security events.This paper researches and summarizes the current network-oriented intrusion detection algorithms and network models,and studies the oversampling technology of a small number of classification use cases in order to solve the problem of uneven distribution of various samples in the data set.Taking advantage of the characteristics of network intrusion behaviors with time sequence characteristics,GRU memory technology was introduced into RNN network,and a network intrusion detection model based on coexistence of memory and time sequence was proposed-GRU-RNN model.The main body of the model is divided into two parts.The first part analyzes the traditional oversampling algorithm-SMOTE algorithm,and based on the classification boundary fuzzy problem caused by the oversampling of the SMOTE algorithm,a new oversampling algorithm-EE-SMOTE algorithm is proposed.The problem of blurred boundary of a few classified samples is solved,making the boundary of the oversampled dataset more clear.The second part analyzes the timing of attacks and the feasibility of applying GRU to intrusion detection in RNN networks,and proposes a GRU-RNN network model,which has better support for detecting attacks with timing characteristics.When the network model is constructed,the optimal loss function,classification function,and optimization function are analyzed and selected,so that the model's convergence is further enhanced.At the same time,the EE-SMOTE and GRU-RNN models are combined to propose an imbalanced learning intrusion detection algorithm based on time series.At the end of this article,the intrusion detection algorithm is applied to the KDD data set for testing and verification,focusing on the analysis of the algorithm's convergence and detection accuracy.The results show that compared with other imbalanced learning methods,this algorithm has a better recognition rate.Compared with other deep learning network algorithms,the training set required by this model is greatly reduced,that is,the convergence of the algorithm is better than other deep learning network algorithms,and it has better application advantages in network security protection and auditing.