Research And Application Of Hybrid Intrusion Detection Method Under The Background Of High-speed Network

In recent years,with the rapid development of internet technology,it has greatly promoted the development of society in the economic,cultural and educational fields.However,as various social activities become more dependent on computer networks,Computer networks have become the main target of hacker attacks,and cybercrime is increasing.In this case,various kinds of network security technologies have emerged to maintain the safe operation of modern networks.Intrusion detection technology has become a hot topic in the field of network security because it can implement active network security protection measures and has the characteristics of monitoring network status in real time.Snort is a network intrusion detection system based on misuse detection technology,which can effectively protect computer systems from intrusion attacks.Because of its advantages of open source and modular architecture,it has been highly valued by researchers in the field of network security,there are a large number of experts and scholars to carry out research work on it.However,with the continuous improvement of network transmission bandwidth and the variety of network intrusion attacks,in the face of the new challenges,Snort has a high packet loss rate and cannot detect new types of network attacks,which poses a serious hidden danger to the security of computer systems.Based on the above background,the main research work done in this paper includes the following three aspects:(1)Aiming at the phenomenon of high packet loss rate in Snort during packet capture in high-speed network environment,the high-speed packet capture technology PF?RING has been used to optimize the packet capture module in Snort.The experimental results show that the optimized Snort packet capture module has greatly improved the detection efficiency compared to the previous module,which greatly reduces the occurrence of packet loss.(2)In view of the problem that Snort cannot detect new intrusion attacks,an anomaly intrusion detection method based on improved PSO and BP neural network is proposed.To reduce the impact of the high-dimensional training dataset on the detection effect of the classification model,a feature selection algorithm is designed by improving the particle updating formula and fitness function of particle swarm optimization algorithm.The BP neural network is used to construct a classification model to implement the anomaly detection function,by designing the BP neural network with different structures to determine the classification model with the best detection performance.Using the CICIDS2017 dataset to evaluate the detection effect of the proposed anomaly intrusion method,the experimental results show that the method can provide accurate detection results on the basis of lower detection time consumption.(3)Finally,based on the research of Snort and anomaly detection methods,a hybrid intrusion detection model is designed.The misuse detection module in this model is implemented by the optimized Snort,and the anomaly detection module is implemented by the BP neural network classification model constructed in the proposed anomaly intrusion detection method.The effectiveness of the hybrid intrusion detection model in a high-speed network environment is verified through experiments,the experimental results show that the hybrid intrusion detection model has good performance in highspeed network environments and has the ability to detect new types of attack behaviors.