Research On Network Intrusion Detection System Based On LightGBM

A network intrusion detection system using machine learning algorithms can achieve good detection performance.With the increasing amount of data,the detection speed of network intrusion detection systems gets lower,so does the accuracy.In order to improve the overall performance and detection speed of the network intrusion detection system,this paper designs a Light GBM network intrusion detection system framework based on ADASYN data balancing and PCA feature dimensionality reduction.The main work of the paper is as follows.A framework for a universal network intrusion detection system is designed.The framework is divided into six layers: data layer,feature layer,feature building layer,data preprocessing layer,model training layer and strategy B layer.In order to improve the overall performance and detection speed of the system,a network intrusion detection system based on the light GBM model was designed and validated by experimental comparison on the KDD CUP 99,NSL-KDD and UNSW-NB data sets.The result shows that the overall performance of the network intrusion detection system based on the Light GBM model is better than other models.Among them,the accuracy on the KDD CUP99 training dataset is 99.99%,and the accuracy on the KDD CUP99 test dataset is 92.78%.On the other hand,the model training time is 74 s,and the detection time is 39 s.The detection speed is roughly 3 times faster than other models.The large amount of redundant data in the data set reduces the accuracy and detection time of the system,so feature dimensionality reduction techniques are needed to remove redundant feature data.Therefore,the Light GBM network intrusion detection system is designed based on the general network intrusion detection system framework and PCA feature dimension reduction.Through the experimental comparison and verification on the KDD CUP 99,NSL-KDD and UNSW-NB15 data sets,it is proved that the Light GBM network intrusion detection system based on PCA feature dimension reduction technique improves the overall performance of the system.Compared with other traditional feature dimensionality reduction technologies,PCA feature dimensionality reduction brings higher benefits,and can double the training time and detection time.There are imbalances in a large number of data sets,which leads the trained model to identify most types of data,while the accuracy of minority data is very low.Therefore,the Light GBM network intrusion detection system based on the generic network intrusion detection system framework is designed with adaptive integrated sampling ADASYN.By applying data equalization techniques to network intrusion detection and comparing experiments on KDD CUP 99,NSL-KDD and UNSW-NB datasets,the result shows that the Light GBM network intrusion detection system based on ADASYN data equalization gets higher overall performance against other data equalization techniques and effectively improves the accuracy of a small class of samples.