
Research And Implementation Of Key Technologies Of Intrusion Detection Based On DPI And GAN

Posted on: 2022-09-12 | Degree: Master | Type: Thesis
Country: China | Candidate: B W Yu
GTID: 2518306557471414 | Subject: Computer technology
Abstract/Summary:
With the development of communication network technology, network traffic has grown explosively, followed by frequent network attacks whose forms are complex and changeable. A network-based intrusion detection system (NIDS) can monitor the network environment in real time and promptly protect the terminal equipment across an entire network segment, and it has become an important part of network security. Rule-based intrusion detection needs frequent updates to its rule base to deal with new attacks, while intrusion detection based on shallow machine learning requires manual selection and extraction of features, which relies heavily on expert experience; both are time-consuming and labor-intensive. Intrusion detection based on deep learning can build its model automatically from the current network environment, and it has become a new hot spot in the field.

Although deep learning algorithms can automatically learn the characteristics of malicious traffic, they face three major problems in a real network environment. First, supervised deep learning algorithms cannot identify unknown malicious attacks, and unknown malicious attacks are often the most common and destructive. Second, supervised deep learning algorithms require huge labeled data sets, and labeled malicious traffic data sets are difficult to obtain. Third, although unsupervised deep learning algorithms can detect unknown malicious attacks without requiring labels, they cannot identify which specific attack is taking place.

This paper proposes a solution based on the fusion of unsupervised NIDS deep anomaly detection and deep packet inspection. The scheme uses unsupervised deep anomaly detection to address the problems that supervised deep learning algorithms cannot identify unknown attacks and require labeled data sets. It uses deep packet inspection to address the problem that unsupervised algorithms cannot identify specific malicious attacks, and to improve the NIDS's ability to detect unknown malicious attacks. The main contributions of this article are as follows:

(1) A new intrusion detection system framework is proposed: a solution that integrates unsupervised NIDS anomaly detection with deep packet inspection to improve the system's ability to detect unknown malicious attacks.

(2) A NIDS anomaly detection algorithm, CE-SAE, based on stacked autoencoders is proposed, mainly to distinguish regular network traffic from malicious network traffic. CE-SAE improves performance by adding sparsity constraints to the model and modifying the loss function. Experimental results show that the algorithm outperforms the SAE algorithm with the same network structure.

(3) A NIDS anomaly detection algorithm, COD-VAE, based on a variational autoencoder is proposed, and a one-dimensional convolutional network is introduced to improve the algorithm's ability to extract serialized network stream features. COD-VAE distinguishes malicious traffic in network flows by learning the distribution of expected network flows. Experimental results show that this algorithm performs better than CE-SAE.

(4) A NIDS anomaly detection algorithm, Packet-GAN, based on a Generative Adversarial Network is proposed. This model adds a discriminator to COD-VAE and uses adversarial learning to help the generator better learn the spatial distribution of expected network flows, in order to distinguish regular network traffic from malicious network traffic. Experimental results show that the Packet-GAN deep anomaly detection algorithm has a higher precision rate and a lower false alarm rate than the CE-SAE and COD-VAE algorithms.
Keywords/Search Tags:Cyber Security, Intrusion Detection, Unsupervised, Autoencoder, Generative Adversarial Network, Deep Packet Inspection