
Research On Intrusion Detection Technology Based On Machine Learning In Cloud Environment

Posted on: 2021-04-09
Degree: Master
Type: Thesis
Country: China
Candidate: M Q Li
GTID: 2518306308966669
Subject: Electronics and Communications Engineering
Abstract/Summary:
Today is the era of "Internet+": people are influenced by the Internet in many aspects of life, such as learning, office work and entertainment. As people become more inseparable from the Internet, network security issues become more pervasive. Especially in the cloud computing environment, with its characteristics of virtualization and boundlessness, hacker attacks, malicious data, disclosure, information tampering and other attacks are increasingly rampant, causing incalculable economic losses to enterprises and individuals. Network security has become the most prominent problem in today's network technology. However, traditional security defense technology is mostly a passive defense mechanism, which cannot monitor in real time and cannot cope with a complex and changeable network environment, so active intrusion detection technology has attracted wide attention from the industry. With the rapid development of machine learning technology in recent years, the shortcomings of traditional intrusion detection technology, namely poor detection performance and a low detection rate when facing the massive data of the cloud environment, have been effectively addressed. Machine learning therefore provides an excellent solution for intrusion detection systems in the cloud environment. Based on the requirements of intrusion detection in the cloud environment and the framework of intrusion detection based on machine learning, this paper proposes an anomaly detection classification scheme that combines random forest with a clustering algorithm, and simulates it on the PyCharm platform. This scheme solves the problem of the poor performance of K-means on the Windows audit logs of cloud hosts. The main research contents are as follows:

(1) This paper studies the basic concept and classification of intrusion detection, its general framework and detection process, and the model of intrusion detection in the cloud computing environment. It also studies the framework of intrusion detection based on machine learning, the application in intrusion detection of common machine learning methods such as data mining, decision tree and principal component analysis, as well as the principle of clustering algorithms and the requirements that intrusion detection places on the algorithm.

(2) This paper focuses on the research and analysis of the algorithmic principles and defects of the partitional clustering algorithm K-means and the hierarchical clustering algorithm BIRCH. At the same time, a K-means algorithm based on the maximum and minimum distance is selected to overcome the defect of traditional K-means caused by the random selection of the initial cluster centers. Then, based on feature modeling of real Windows audit log data, three intrusion detection solutions are proposed according to different data processing methods: a maximum and minimum K-means classification scheme based on PCA, a BIRCH classification scheme, and the maximum and minimum K-means classification scheme based on random forest designed in this paper.

(3) Based on the PyCharm platform, the three intrusion detection schemes are simulated and evaluated from two aspects: the classifier and the clustering model. The experimental results show that the maximum and minimum K-means classification scheme based on random forest has a 93% accuracy rate of intrusion detection, a 96% recall rate of abnormal behavior, and fast detection speed, which meets the requirements of good scalability, insensitivity to input data and high-dimensional data processing ability for intrusion detection in the cloud environment.
Keywords/Search Tags:Intrusion Detection, Machine Learning, K-means, Decision Tree