Research On Network Intrusion Detection Method For Unbalanced Data

While Internet technology has brought convenience to people,network security issues have become increasingly serious.As an important protection method,network intrusion detection can detect whether a computer is being attacked and give timely warnings.At present,network intrusion detection methods based on machine learning can achieve better results than methods such as pattern matching and expert systems,but the detection capabilities can still be further improved,at the same time,existing machine learning methods often only focus on the overall detection rate and ignore each the detection rate of the category,due to the imbalance of the data sample,has the problem of low detection rate of the attack type with a small number of samples.In order to solve the above problems,this paper proposes a detection model based on convolutional neural networks and long short-term memory networks as well as a data balancing strategy,which not only improves the overall detection rate of the model,but also improves the detection rate of attack types with small number of samples.The main work contents are as follows:First,in order to solve the problem of insufficient detection ability,convolutional neural networks and long short-term memory networks are applied to network intrusion detection,combining the advantages of the two,the potential spatial and temporal features in the data are extracted separately to improve detection capabilities.Among them,the convolutional neural network adopts the parallel input method,two convolutional neural networks are used to extract data features of different levels and merge them.In addition,by using the method of random forest feature selection to reduce the dimensionality of the data,the speed of model training is improved.Then,in order to solve the problem of low detection rate of attack types with small number of samples caused by data imbalance,a data balancing strategy based on SMOTE algorithm and generative adversarial network is proposed,according to the different number of samples in the data set,the improved SMOTE algorithm and generative adversarial network are used to balance the data respectively.The improved SMOTE algorithm can effectively expand the data set when the amount of original data is small,while the generative adversarial network can generate more realistic data.This balance strategy reduces the impact of data sample imbalance on the detection effect,which can effectively expand the data set and improve the model's detection rate for minority samples.Finally,two network intrusion detection data sets,NSL-KDD and CIC-IDS,are used for experimental evaluation.The experimental results show that the overall accuracy of the detection model proposed in this paper on the unbalanced data set reached 98.05% and 98.61%,which is better than other classical models.After balancing the data set with the balancing strategy,the overall accuracy rate increased to99.51% and 99.75% respectively,the detection rate of attack types with a small number of samples in the data set has been greatly improved compared with the detection rate before the balance.In addition,This paper uses different intrusion detection models and different data balancing methods to further experimentally verify the data balancing strategy,the results show that the proposed data balancing strategy can improve the detection ability of the model more effectively.