Unbalanced Intrusion Detection Based On Deep Learning

Nowadays,people's lives have become more and more inseparable from the Internet,and the Internet with a penetration rate of more than 64.5% is becoming an important part of today's society.It is precisely because of the benefits brought by such a large network that network attacks are becoming more frequent and the security of the network system is greatly threatened.Moreover,the security report shows that the attackers of these attacks are gradually upgraded from individuals to gangs,and the targets and scale of the attacks are also expanding,which seriously endangers the network security needs of individuals,companies,and society.In this context,intrusion detection systems have received more and more attention.Traditional anomaly-based intrusion detection technology analyzes through port matching or payload.However,this method can not face increasingly complex attack response methods such as random ports and encrypted traffic.Intrusion detection technology based on machine learning also requires manual design of features,which has problems such as being outdated,cumbersome and complicated.At the same time,the current system traffic data often has the problem of unbalanced categories,which brings great challenges to the research of intrusion detection technology.In order to solve these problems,this paper proposes an intrusion detection scheme based on deep learning.This article first cleans and filters the collected traffic data,and uses a vectorization algorithm to obtain fixed-length session data.Then,based on the generative model,this paper proposes a SACGAN structure that combines the characteristics of network traffic,and expands the data of a few categories through the trained generator,which solves the problem of category imbalance to a certain extent.Then this paper proposes a hierarchical detection model conforming to the traffic structure.Through the CNN network based on the Inception structure,the packet-level features are extracted,and the BiLSTM network is used to further mine the timing relationship between the packet features.Then,this paper introduces the attention mechanism to obtain the session features,and uses the session features to complete the classification and detection.Such a detection process does not require manual design features,and is more in line with the characteristics of system flow.Finally,this paper uses the test data composed of the IDS2017,IDS2018 data set and the laboratory captured traffic to conduct related experiments.This article first conducts an experiment on session segmentation parameters,determines the best form of session segmentation,and analyzes the influence of parameter changes on the experimental results.Then this paper compares the effects of commonly used data imbalance algorithms and the SACGAN model in this paper,and verifies that the method proposed in this paper has the best performance in accuracy,F1-Score and other parameters.Finally,this article compares the model structure using CNN or BiLSTM alone,the detection structure based on traditional machine learning and the hierarchical model of this article.Compared with other methods,the hierarchical model in this article has the best effect.And after the data expansion of SACGAN,the average accuracy of the hierarchical model proposed in this paper reached 99.6%,and the average F1-Score reached 0.962.It proves that the intrusion detection scheme in this paper can meet today's security requirements.