
Research On Network Intrusion Detection For Detecting Rare Attacks

Posted on: 2021-01-31 | Degree: Master | Type: Thesis
Country: China | Candidate: L P Shen
GTID: 2518306554465984 | Subject: Computer Science and Technology
Abstract/Summary:
Network intrusion detection, acting as an effective safeguard, has become an important research field. With the development of traditional machine learning and deep learning, researchers have introduced these techniques into network intrusion detection as a solution for classifying massive network data. In recent years, researchers have proposed many high-performance network intrusion detection approaches based on traditional machine learning, but most of them cannot recognize rare attacks accurately. To solve the problem of poor classification performance for rare attacks in network intrusion detection, this research is carried out from the following aspects.

There is a lot of redundant information in network data. Rare attack patterns can be affected by redundant information in imbalanced attack data. A feature selection method based on genetic programming and random forest is proposed with the purpose of eliminating the influence of redundant information on rare attack data and improving the classification ability for rare attacks. In this method, first, a population of network data is initialized as a set of solutions. Then, the population is evolved using selection and copy operations to generate new solutions. A random forest is applied to evaluate those solutions and compute their fitness values. Finally, the new dataset is generated by selecting the solution with the biggest fitness value.

Distribution imbalance between attack types leads to poor classification performance of the attack classifier for rare attacks. To solve this problem, a new intrusion detection method that splits the data and constructs a joint attack classifier is proposed. First, the method splits the original network data, constructing a common attack set and a rare attack set respectively. Then, using the new datasets, a common attack classifier and a rare attack classifier, based on deep learning and traditional machine learning respectively, are trained. During the detection process, those classifiers are connected to form a joint attack classifier. Accuracy, false-alarm and F-score are used as evaluation criteria. The classifier has been evaluated using a new dataset based on the NSL-KDD dataset. The results show that the joint attack classifier can improve the classification performance for rare attacks when compared with typical methods.

After splitting the attack data, the rare attack set includes rare samples, which affects the training of the rare attack classifier and hence leads to poor classification ability for rare attacks. In this paper, a joint attack classifier based on a Convolutional Neural Network is proposed. First, the common attack classifier is built on the common attack set. Then, based on transfer learning and by adjusting different experiment parameters, the rare attack classifier obtains a suitable common attack classifier as its initial model. Finally, the rare attack classifier is fine-tuned on the rare attack set. The experimental results show that the joint attack classifier can learn effectively from the rare attack set and hence improve the detection performance for rare attacks without affecting the detection performance for common attacks.
Keywords/Search Tags:network intrusion detection, deep learning, imbalanced data, feature selection, rare attack, joint attack classifier