Research On Network Intrusion And Malware Detection Mechanism Based On Machine Learning

Posted on: 2022-06-25
Degree: Master
Type: Thesis
Country: China
Candidate: S Jiang
GTID: 2518306557468544
Subject: Software engineering
Abstract/Summary:

With the explosive growth in the number of computer users and mobile smart terminal devices, the Internet has become a necessity in daily life, and network security in the era of big data has become more and more important. Compared with traditional network security protection methods such as firewalls and data encryption, intrusion detection and malware detection systems have irreplaceable advantages in handling information misreporting and software underreporting, and have become the main means of maintaining network security. An intrusion detection system is a network security device that monitors network data in real time during transmission, and that raises alarms and takes preventive action when abnormal transmission is found. A malware detection system distinguishes benign software from malware by inspecting application packages and analyzing their application program interfaces, permissions, and other content. With advanced technologies such as artificial intelligence and big data, the application of machine learning has developed rapidly in many research fields, but existing intrusion detection and malware detection systems still have shortcomings in how they apply machine learning algorithms, such as large computational overhead, long detection time, and low detection accuracy. How to use machine learning technology to address the problems of intrusion detection and malware detection is therefore the main research work of this thesis, which consists of the following three parts:

(1) Current intrusion detection systems have high computational overhead, long detection time and low accuracy. This thesis proposes CPEL, a network traffic classification mechanism for intrusion detection systems. The mechanism first uses a correlation feature selection algorithm to select the best features in the network traffic data, and then uses principal component analysis to reduce the dimensionality of the selected features and denoise them. For comparison, a variety of machine learning methods are used for classification; the best-performing methods are selected and fused with ensemble learning to improve the robustness of the overall model. Experiments show that, compared with existing methods, this method has high accuracy, fast detection speed and low computational overhead. The influence of different feature selection and dimensionality reduction methods on the model was also studied, and the most suitable feature selection method was found.

(2) In wireless sensor networks, because sensor nodes have limited resources and network data is redundant, current intrusion detection systems have disadvantages such as high computational overhead and a high false alarm rate. This thesis proposes SLGBM, an intrusion detection mechanism for wireless sensor networks. The model uses a sequential backward feature selection algorithm to perform feature selection on the traffic data of sensor nodes. An efficient gradient boosting decision tree algorithm is then used to classify the traffic data, which reduces the false alarm rate and computational overhead of detection and improves detection efficiency. Experimental results show that the model has good detection performance and high real-time performance.

(3) For malware detection, the feature engineering of the detection model takes a lot of time to build, and the model usually has problems such as a low detection rate and high computational cost. In this thesis, data processing uses a feature selection algorithm to find the most relevant features, and the threat level of malware is classified through the correlation of features. A neural network-based malware detection mechanism, DCEL, is then proposed. This method first generates a model from the original data using a deep neural network, then converts the original data into grayscale images and generates a second model using a convolutional neural network, and finally fuses the two with an ensemble learning method. Experiments show that this mechanism can detect potential malware efficiently and quickly.
Keywords/Search Tags: Intrusion detection system, Feature selection, Malware detection, Machine learning