Research On Network Intrusion Detection Method For Class Imbalanced Data

Posted on: 2022-05-15 | Degree: Master | Type: Thesis
Country: China | Candidate: J Zhang | Full Text: PDF
GTID: 2518306494953719 | Subject: Computer Science and Technology

Abstract/Summary:
With the steady improvement of network communication, sensors and internet-related technologies in the era of the Internet of Things, internet-based infrastructure, services and applications are connected everywhere. Areas such as social networks, the economy, health care, industry and science produce huge amounts of data, which, combined with the disappearance of the network boundary and the diversification of attack types, increases the risk of network intrusion. Without a fast security infrastructure, smart cities built on Internet of Things technology will not be able to operate reliably.

The network intrusion detection system (IDS) has become an important line of defense for monitoring network activity and detecting intrusions. To some extent it can effectively detect and prevent complex attacks and threats, but network intrusion detection systems still face many problems. The growing volume of data and number of attack types require more efficient intrusion detection models with a high detection rate and a low false positive rate. Problems such as the large amount of data, high dimensionality, severe class imbalance, and inconsistent distribution of the training set and test set in feature space increase the computational complexity, time complexity and learning complexity of an intrusion detection system, and can even occupy large amounts of system resources, leading to alarm delays and other problems. These problems directly affect the performance of the intrusion detection system: accuracy and detection rate remain very low, while the false alarm rate and missed alarm rate are very high, and it is difficult to detect new attacks in real time, so the information on intrusion behavior has to be updated constantly.

To address these problems, two network intrusion detection models are proposed in this paper. The main research contents are as follows:

(1) An intrusion detection model based on the ReliefF and Borderline-SMOTE algorithms is proposed. The model first uses the ReliefF algorithm to select the features that better express the imbalance of the data distribution, and then uses the Borderline-SMOTE oversampling technique to oversample the minority-class samples that are misclassified. The proposed two-level intrusion detection model contains two base classifiers. Three different types of base classifiers, KNN, C4.5 and NB, were combined in pairs. Experimental results show that the system handles imbalanced network intrusion detection data sets well, and that the detection accuracy for minority-class samples is significantly improved.

(2) A hierarchical network intrusion detection model based on the core vector machine is proposed. The proposed model is composed of three classifiers. The first and second classifiers work on different features of the data set and classify samples into the normal category and the attack category. The third classifier takes the outputs of the first two classifiers and the features of the initial data set as its inputs. The model aims to classify each attack correctly while providing a low false positive rate and a high detection rate. Experimental results on the NSL-KDD and UNSW-NB15 data sets show that the proposed model significantly improves classification performance. Compared with traditional methods and recent models, the proposed model has competitive advantages in terms of accuracy, detection rate, false positive rate and time cost.
Keywords/Search Tags:Intrusion detection, SMOTE method, imbalanced data, core vector machine, feature selection