Study On Intrusion Detection Based On Deep Convolution Neural Network

Since the development of intrusion detection,many new technologies have emerged,but the traditional intrusion detection technology still has a lot of problems,such as low detection efficiency,high false positive rate,insufficient analysis ability,etc.,so it is still very important to continue to explore and improve the intrusion detection technology.In this paper,firstly,the status quo of network anomaly detection at home and abroad is deeply studied and analyzed,and the attack and principle of network traffic anomaly caused by the current mainstream are deeply analyzed.Then the mainstream traffic intrusion detection methods are deeply studied and compared,and their advantages and disadvantages are analyzed.Finally,an anomaly detection method based on the improved ISOMAP algorithm and the improved deep convolutional neural network is proposed.The key modules are studied as follows:In this paper,considering the characteristics of high dimension and large amount of intrusion detection data as well as the disadvantage of high time complexity of the original ISOMAP algorithm,the CL-ISOMAP algorithm is proposed by introducing the L-ISOMAP algorithm based on boundary points and replacing the Camberra distance with Euclidean distance.In order to reduce the noise caused by feature differences and improve the performance of SVM,an improved kernel function(M-RBF)was proposed.In order to solve the problem that the optimal parameters cannot be obtained when the SVM model is selected manually,GA algorithm is introduced to optimize the penalty factor C and the kernel parameters ?,? and ?.Experiments show that the model has good generalization ability and the improved feature dimension reduction algorithm has better dimension reduction effect.The improvement of ISOMAP algorithm in this stage also provides conditions for the next stage of classification detection.On the basis of improving ISOMAP algorithm,this paper proposes a lightweight network architecture to solve the problems of low efficiency and high false positive rate in intrusion detection field.Firstly,the standard convolution kernel of the 3×3part of the Expend layer is replaced with the improved deep separable deformation convolution.Then,the compression ratio and the strategy of layer by layer testing are introduced to finally determine the network model.The 3×3 convolution kernel of Expend layer is replaced by 1×3 and 3×1 deformation convolution to obtain Speed?v1,and all Expend layer is replaced by the improved depth separable deformation convolution to obtain Speed?v2.The experimental results show that,compared with the traditional CNN network architecture,Speed Net network architecture improves the detection efficiency and reduces the false alarm rate without reducing the accuracy.