| With the rapid development of network technology and its applications,various network applications have sprung up,and the pattern characteristics of network traffic have become more and more complex.Traditional intrusion detection systems based on rule matching have been unable to effectively distinguish between normal traffic and attack traffic.The revival of machine learning has promoted the development of intrusion detection.Intrusion detection models based on deep learning can effectively extract complex traffic patterns.However,too many traffic features will reduce the training speed of the model,and as the attack methods become more concealed,people are finding a model with higher detection accuracy.This thesis introduces Deep Q-Network(DQN)to verify its effect on network intrusion detection,and hope to improve the detection accuracy and speed of network intrusion detection system.Since there are diverse types of feature selection algorithms,different algorithms have a greater impact on the training speed and detection result of the model.In order to select feature selection algorithms suitable for network intrusion detection scenarios,this thesis designs an evaluation scheme to analyze the impact of different feature selection algorithms on the intrusion detection model at two levels,i.e.,selection effect and time consumption.The scheme selects eight commonly used feature selection algorithms under different categories,such as chi-square test and mutual information,and evaluates and analyzes with the multi-layer perceptron model based on the KDD CUP99,NSL-KDD and Kyoto2006+ datasets.The experimental results show that the logistic regression recursive feature elimination algorithm based on L1 and L2 regular terms(LR_L1_L2)has better feature selection effect and lower time consumption.The DQN combines deep learning and reinforcement learning,and it has the ability to extract complex features and self-learning capabilities.This thesis proposes a DQN-based network intrusion detection model — LR_L1_L2_DQN.The model applies the LR_L1_L2 algorithm for feature selection,reducing the model training time while ensuring the detection accuracy and use DQN to realize the detection agent module for traffic detection which ensures the model’s ability to extract complex traffic features.The experimental results show that the detection rate and false alarm rate of the model on the NSL-KDD dataset reache 80.91% and6.83% respectively.Furthermore,its detection effect is better than that of convolutional neural networks,multilayer perceptron,random forest,na?ve bayes and some classic machine learning models and deep learning models.In general,through the comparative analysis of different feature selection algorithms,we can know more about the detection effect and performance of different feature selection algorithms in network intrusion detection,and provide a basis for following appropriate feature selection algorithms selection.In addition,the training speed of the model using the LR_L1_L2algorithm is increased by about 20% compared with the model without the pretreatment of feature selection,and it has higher detection accuracy on small sample dataset.Secondly,the LR_L1_L2_DQN model proposed in this thesis performs better than some classic machine learning models and deep learning models in detection accuracy and false alarm rate,which proves the feasibility and validity of deep reinforcement learning in the field of network intrusion detection. |
