Research On Preprocessing Method Of Network Security Intrusion Detection

Intrusion detection is a very effective and important active security defense technology.With the extensive application of deep learning in the field of network security,the intrusion detection method based on deep learning has always been the frontier subject of scholars’ research.The quality of training data directly affects the implementation efficiency and identification accuracy of intrusion detection classification model.Due to the increasing complexity of network environment,the massive network data used for training classification model has the characteristics of unbalanced categories,insignificant features and redundant information,which seriously limits the performance and function of intrusion detection system.Therefore,the research of intrusion detection pretreatment method has important theoretical and engineering application value.With the continuous popularization and of high-speed network intrusion means diversification,the traditional intrusion detection model based on machine learning algorithms defects in more and more prominent,there have been difficult to deal with high-dimensional data,such as excessive dependence on artificial feature selection problem didn’t get very good solve,cause this kind of system has been gradually cannot meet the needs of the current network security,deep learning can extract advanced features,learn advanced concepts,therefore,the deep learning related technology and theory in network intrusion detection technology in network security field a new method and train of thought.In this paper,unbalanced data processing and high-dimensional data feature extraction methods are combined to design a preprocessing method independent of the classification model,so as to build a lightweight network security intrusion detection model.Firstly,generative adversarial network(GAN)is used to increase the capacity of a small number of attack samples to improve the unbalanced distribution of network intrusion data in the sample set.Secondly,features related to intrusion behavior in high-dimensional data are extracted through unsupervised learning of stacked denoised auto-encoders(SDAE).Finally,the characteristic data obtained after pretreatment is used to construct the random forest intrusion detection classifier.Thus,the deep learning method is applied in the pre-processing of network security intrusion detection to improve the problems of traditional intrusion detection model,such as difficulty in processing highdimensional data and excessive reliance on artificial feature selection.Then,the classification effect and identification accuracy of the designed network intrusion detection model are tested through simulation experiment.The main work of this paper is divided into three parts:(1)After the sample data digitization and normalization processing,GAN is used to expand a small number of samples by means of intra-category expansion,so as to balance the quantity of each category in the sample and weaken the impact of category imbalance on classification accuracy.Simulation experiments show that the learning rate,batch size,epoch value and the number of hidden layers of the GAN model have effects on the generated data quality and intrusion detection performance.Moreover,it is proved that the detection accuracy of the whole sample and the minority sample can be improved after the expansion of the GAN minority sample.(2)The expanded sample is then used to extract the distribution rules of network data layer by layer through stacked deep SDAE intelligence,under the condition of the input noise,combined with the coding layers of coefficient of punishment and the reconstruction error,using unsupervised training step by step a greedy algorithm in training in each layer for a more robust expression,by back propagation method to model the overall fine-tuning,diversity of highdimensional data feature extraction,preserve the subject characteristics of data and learn more excellent characteristics,to achieve dimensionality reduction of high-dimensional data.SDAE network structure has been proved by the simulation experiments,the number of hidden layer nodes and the proportion of noise parameters on the result of feature extraction,the model is compared with other dimensionality reduction model experiment,the results show that the characteristics of SDAE has better ability to learn,at the same time improve the detection rate and improve the model performance has made remarkable achievements.(3)Each subset of data samples after dimension reduction represents each decision tree for training.In the detection stage,the classification results of each decision tree are combined to vote,and finally all decision trees are collected to form a forest and a classification analysis result is obtained.Finally,in order to verify the effectiveness of the preprocessing method in this paper,the latest UNSW-NB15 data set in the field of intrusion detection is used for simulation experiments.The results show that compared with support vector machine,K-nearest neighbor algorithm,convolutional neural network,long short-term memory network,and deep belief network model,the model proposed in this paper improves the overall detection accuracy and the detection accuracy of a few types of Analysis,Shellcode,Backdoor,and Worms,and effectively reduces the false positive rate and false negative rate.