Research On The Application Of Machine Learning In Intrusion Detection Technology

The rapid growth of the Internet has had a significant impact on people's daily study,work and life,especially the boom of the mobile Internet,which greatly increased the consumption of Internet data traffic.Behind the prosperity of the online world,there are also threats and risks that cannot be underestimated and ignored,such as cyber-attacks and privacy leaks.Therefore,it is particularly important to use intrusion detection systems to provide early warning of risky behaviors.Traditional intrusion detection system(such as expert systems)are difficult to effectively detect new types of network traffic.Therefore,the field of intrusion detection urgently needs more intelligent technology to deal with the current problems.The machine learning algorithm can abstract the problem of network attack detection into the problem of network traffic data classification.It uses the known network traffic data to model machine learning algorithms and classify the unknown traffic,to achieve the purpose of identifying network attack behaviors,thus making the research and application of intelligent intrusion detection models possible.Based on the UNSW-NB15 data set,this paper proposes hybrid machine learning models for the binaryclassification and multi-classification tasks of network intrusion detection.For the binary-classification problem of intrusion detection,this paper focuses on improving the final performance of the model through data equalization technology.Therefore,the research proposed a hybrid intrusion detection method based on the ADASYN(Adaptive Synthetic)algorithm and the decision tree algorithm.The method uses the ADASYN algorithm to oversample the minority samples in the training data and apply the sampled data to the decision tree.During the modeling process of the algorithm,the optimization of the model is realized through the decision tree pruning operation.The training,verification and testing of the experiment were completed based on the UNSW-NB15 data set.After comparative analysis with K-nearest neighbors,logistic regression,support vector machines,Ada Boost,random forests,decision trees,and some other deep learning methods,the results show that the algorithm proposed in this paper has better performance in intrusion detection binary classification tasks.For the intrusion detection multi-classification,the purpose is to achieve accurate classification of multiple attack behaviors.This paper proposes an intrusion detection method based on a hierarchical structure,which divides the detection of network attacks into multiple layers,and each layer detects one or more attacks.In view of the problem of sample imbalance among multiple network attack types,ADASYN oversampling is performed on the train data at each layer.Simultaneously,to cut down the time consumption caused by the hierarchical structure,the experiment implemented feature selection technology for the samples of each attack types,thus improving the detection accuracy and detection efficiency of network attacks.