With the continuous development of the Internet and computer network technology, network traffic analysis for detecting unauthorized access, misbehavior and abnormal attacks has received increasing attention from researchers. It is therefore particularly important to study the intrusion detection system (IDS), which is the second line of defense in network security after the firewall. Through in-depth study of network traffic and intrusion detection algorithms, researchers have found that single-class algorithms perform better than multi-class algorithms in detecting unknown attacks on the network and that they can handle imbalanced network data. IDS based on single-class algorithms has therefore become a hot topic. Among them, support vector data description (SVDD) has become one of the mainstream single-class classification algorithms, with the advantages of accurate description of the data sample space, simple classification and high accuracy. By analyzing the current state of intrusion detection, this paper identifies and summarizes two problems that remain in current intrusion detection research and proposes corresponding intrusion detection schemes. The main research work of this paper includes:

(1) Two problems are found in current intrusion detection schemes. 1) In the classifier training phase, existing SVDD-based intrusion detection schemes do not consider the addition of benign outliers, which reduces the accuracy of the classifier; and in the data detection phase, the existing SVDD detection classifier makes judgments based only on distance, which increases the overall false positive rate of the detection classifier. 2) Some network attacks can be carried out effectively without sending multiple attack packets, so they generally do not cause sudden changes in network traffic, which leads to serious imbalance in the network training data set. In dealing with network data imbalance, existing intrusion detection schemes often ignore the misclassification cost between the small number of attack categories and the normal data category, and thus cannot accurately detect data located at the intersection of the two types.

(2) To address the defects of existing SVDD-based intrusion detection schemes, we designed an improved SVDD intrusion detection scheme based on benign outliers. In the model training phase, in order to take benign outliers into account, the scheme first trains the SVDD detection model with normal data and then generates a self-detector for each benign outlier according to the obtained SVDD penalty parameters. This avoids reducing SVDD's classification accuracy for data located in the "rejection area" after benign outliers are added, strengthens the detection of data that is equal or approximately equal to benign outliers in the data to be detected, and improves the accuracy of the overall detection model. In the detection phase, existing SVDD-based intrusion detection models cannot accurately detect data in the "rejection area" because they judge by distance alone. We improved the decision function of SVDD and designed a weighted decision function based on the combination of distance and density to strengthen the detection capability for data in the "rejection area", thereby reducing the false alarm rate of the detection system. The experimental part verifies the effectiveness of the proposed scheme in terms of accuracy, detection rate and false alarm rate.

(3) To address the problem of network data imbalance, and the fact that current schemes do not consider the misclassification cost between the small number of attack categories and the normal data category and therefore cannot accurately detect data located at the intersection of the two types, an intrusion detection scheme based on an improved sampling algorithm is proposed. In the data processing stage, an improved K-means data compression algorithm and an improved SMOTE oversampling algorithm are proposed to solve the problem of network data imbalance. First, the improved K-means is used to compress the Normal and DoS data categories of the KDDCUP99 dataset. The improved SMOTE is then used to globally oversample the U2R and R2L attack data to achieve a relative balance with the normal data, and then, following the idea of cost-sensitive learning, suitable boundary data are found for local oversampling, thereby solving the problem of data imbalance. Finally, while taking the misclassification cost of U2R, R2L and Normal into account in data processing, a multi-level hybrid detection model combining SVM and the improved SVDD is proposed in order to effectively detect U2R and R2L and ensure the overall detection performance. Experiments on the network intrusion detection benchmark data set KDDCUP99 show that the scheme achieves higher accuracy and a lower false alarm rate.
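
The following Python example, added here and not taken from the paper, shows the standard SMOTE interpolation step used to oversample a rare attack class such as U2R. The paper's improved SMOTE and its cost-sensitive boundary selection are not specified in this abstract and are not reproduced; the function names and the two-feature sample records are constructed for illustration.

```python
import math
import random

def k_nearest(idx, points, k):
    """Indices of the k nearest neighbours of points[idx] within the same class."""
    dists = sorted(
        (math.dist(points[idx], p), j) for j, p in enumerate(points) if j != idx
    )
    return [j for _, j in dists[:k]]

def smote(minority, n_new, k=3, seed=0):
    """Standard SMOTE: create n_new synthetic minority samples by interpolating
    between a minority sample and one of its k nearest minority neighbours."""
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority samples")
    rng = random.Random(seed)  # fixed seed so the result is reproducible
    k = min(k, len(minority) - 1)
    synthetic = []
    for _ in range(n_new):
        i = rng.randrange(len(minority))
        j = rng.choice(k_nearest(i, minority, k))
        gap = rng.random()  # position on the segment between the two samples
        synthetic.append(tuple(
            a + gap * (b - a) for a, b in zip(minority[i], minority[j])
        ))
    return synthetic

def balance(dataset, minority_label, target):
    """Oversample one class of a {label: [feature tuples]} dataset up to target."""
    have = dataset[minority_label]
    extra = smote(have, max(0, target - len(have)))
    return {**dataset, minority_label: have + extra}

# Constructed sample: two numeric features per connection record
# (values are illustrative, not taken from KDDCUP99).
SAMPLE = {
    "normal": [(0.1 * i % 1.0, 0.05 * i % 1.0) for i in range(40)],
    "u2r": [(0.90, 0.80), (0.92, 0.85), (0.88, 0.79), (0.95, 0.83)],
}

if __name__ == "__main__":
    balanced = balance(SAMPLE, "u2r", target=20)
    print({label: len(rows) for label, rows in balanced.items()})
```

Because every synthetic record lies on a segment between two real minority records, plain SMOTE never places samples outside the minority class's existing region, which is why boundary data near the normal class needs separate treatment.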