Research Of Network Intrusion Detection Method Based On Deep Learning

As the network scope and scale continue to expand,the threat of network intrusion has become far more serious than ever before.Network intrusion detection system is a security tool deployed on computer to prevent malicious attacks.Due to the increasing complexity of attack methods and the emergence of new attacks,traditional intrusion detection can no longer meet the detection requirements,so it is necessary to explore new methods to detect intrusions in the network.In recent years,due to the rapid development of deep learning and its advantages in big data analysis and processing.Based on the deep neural network and convolutional neural network in deep learning,this paper establishes a detection model that can learn independently,which can not only improve the detection accuracy,but also identify rare intrusions.The main work of this paper includes:(1)Due to the existing network intrusion detection system has low efficiency in detecting malicious behaviors,and cannot effectively detect the types of attacks in largetraffic networks.To solve the problem,this paper proposed a multi-path learning method in intrusion detection.The model based on deep neural network and comprises two stages.The main idea is to divide the large flow data into several small data flows according to the network protocol,and then detect the divided data flow.In the first stage,a large network traffic is divided into TCP,UDP and ICMP protocol subset.Each subset then classifies into normal or abnormal.In the second stage,the pre-trained multi-classification model is used to classify the abnormal traffic detected in the first stage to identify the type of attack.(2)Due to distribution imbalance between attack types leads to poor classification performance of attack classifier for rare attacks.To solve the problem,an intrusion detection method based on data enhancement and cascaded classifiers is proposed.First,the method splits original network data,constructing common attack set and rare attack set respectively.Then,the rare attack set is processed by using data enhancement technology in order to increase the number of rare attack sets.Finally,a cascade classifier was introduced to each of these two small training datasets for learning,each classifier handles common attacks and rare attacks respectively to improve the detection ability of rare attacks.The main idea of this method is to separate the rare category from other attack categories in the data set,and increase the sample size of the rare category to improve the detection ability of rare attacks.