
Design And Implementation Of Intrusion Detection Algorithm Based On Machine Learning

Posted on: 2022-09-03
Degree: Master
Type: Thesis
Country: China
Candidate: R M Wang
Full Text: PDF
GTID: 2518306524471494
Subject: Master of Engineering
Abstract/Summary:
An intrusion detection system (IDS) is a network security device that monitors network traffic in real time and raises an alarm or takes active measures when it finds suspicious transmissions. The difference between IDS and other network security devices is that IDS is an active security protection technology. Many large and medium-sized enterprises and government agencies deploy intrusion detection systems. An intrusion detection system monitors the operation of the network and system and tries to find all kinds of attack attempts, actions or results, so as to ensure the confidentiality, integrity and availability of network system resources. The key problem is how to deal with and defend against attack behavior through effective and efficient analysis of these alerts.

This thesis studies network intrusion detection algorithms based on machine learning. Firstly, this thesis reviews the literature on intrusion detection and machine learning at home and abroad. Secondly, this thesis analyzes the commonly used machine learning algorithms and the KDDCUP99 intrusion detection data, and constructs an intrusion detection algorithm framework based on machine learning, which mainly includes three parts: data preprocessing and feature selection, the intrusion detection algorithm, and false alarm elimination. Thirdly, this thesis uses the chi-square test, mutual information and random forest to select features, and proposes a feature processing method based on an autoencoder. The first layer is composed of a random forest model, the second layer is composed of GBDT and a BP neural network, the third layer is composed of a support vector machine, and a genetic algorithm is used to optimize the model parameters. Fifthly, this thesis makes an empirical analysis of different models and feature data sets to study the effectiveness of the proposed model. Finally, false positives are eliminated based on the k-means and FCM clustering algorithms.

The conclusions are as follows:

(1) The accuracy rate of the proposed three-layer stacking model is 95.36%, the false alarm rate is 8.07%, the false alarm rate is 0.56%, and the AUC value of the model is 0.784. It can be seen that the three-layer stacking model has the highest accuracy rate, the lowest false positive rate and false negative rate, and the highest AUC value, which indicates that the three-layer stacking model has the best intrusion detection performance. Meanwhile, the first mock exam has improved the performance of any model compared with any single model.

(2) Compared with the chi-square method, the mutual information method and the random forest method, the model has higher accuracy, lower false positive rate and false negative rate, and higher AUC value.

(3) In the aspect of false alarm elimination, the elimination rate of the k-means algorithm is 77.95%, the error elimination rate is 5.62%, and the leakage elimination rate is 3.45%. The elimination rate of the FCM algorithm is 79.15%, the error elimination rate is 5.492%, and the leakage elimination rate is 3.36%.
Keywords/Search Tags: intrusion detection, stacking, ensemble learning, genetic algorithm, clustering algorithm