Research On Network Intrusion Detection Technology Based On Ensemble Learning And Deep Learning

In recent years,as network throughput and security threats continue to increase,network security continues to receive widespread attention.Network intrusion detection detects any intrusion attempts and network attacks by monitoring and analyzing network traffic,and provides real-time network security protection for computers.It is a hot area of cyberspace security,and it is of great significance to study network intrusion detection technology.This paper proposes two network intrusion detection models based on the fusion of ensemble learning and deep learning.The main work is as follows:(1)Aiming at the inadequacy of the existing shallow-structured machine learning algorithms to process network traffic big data and the problem of low detection accuracy,a network intrusion detection model FS-CRF based on feature segmentation and cascaded random forest is proposed.Introduce multi-granularity scanning to extract features,use a sliding window to fine-grain the original features into many small fragments,generate class probability vectors;draw on the idea of deep neural networks,use the re-represented features to train a multi-layer cascaded random forest;finally The classification of sample data is determined by voting strategy.The model has the characteristics of fewer hyperparameters and low manual training cost.At the same time,in view of the large sample size and low latency requirements of high-dimensional data in network intrusion detection and the parallel characteristics of random forest,the Spark distributed platform is used to optimize the parallel training of the model.(2)In order to resolve the issue of minority category detection accuracy being poor due to an unbalanced distribution of network intrusion detection data,a network intrusion detection model GAN-EWRF based on generative adversarial network and exponentially weighted random forest is proposed.Starting from both the data and the algorithm,the data level uses GAN to learn the target data samples,and continuously improves the generation quality of the imitation samples through confrontation,thereby generating imitation samples similar to the target data samples.At the classifier algorithm level,the calculation method based on the index weight re-quantifies the decision weight of the base classifier of the random forest,and reduces the slanting influence of the base classifier with lower prediction accuracy on the prediction results of the entire ensemble learning.(3)The experimental results on the four network security data sets of NSL-KDD,UNSW-NB15 and CICIDS2017 and CICIDS2018 show that the FS-CRF model in this paper is better than PRF,DSSVM,A-DNN,etc.in performance indicators such as F1 score and accuracy.Classic model,and can effectively reduce the execution time of intrusion detection tasks.The experimental results on the CICIDS2017 dataset show that the GAN-EWRF model has effectively improved the detection accuracy and recall rate of minority attacks,and has shown better performance in comparison with the resampling methods SMOTE and SMOTE-NCL.