Research Of Intrusion Detection Method Based On Stacking

With the rapid development of the Internet,the ways of network attack are increasingly diversified,and the network security situation is not optimistic.It is urgent to prevent network attack and ensure network security.How to effectively detect abnormal behavior and its attack categories has become an important topic in the field of network security.Intrusion detection system(IDS),which actively monitors network behavior and finds abnormal behavior,has become an essential means of security protection.This paper studies and implements a set of network intrusion detection system,analyzes and models the traffic,provides real-time network intrusion detection,studies the data imbalance in the field of intrusion detection,and improves the recognition ability and accuracy of intrusion detection model to attack categories.The main research work is as follows:A data generation method for intrusion detection data is implemented.Aiming at the problem that the traditional generation countermeasure network can not directly generate discrete data and efficiently capture effective feature interaction,this paper proposes an improved generation countermeasure network model based on deep crossover network,which automatically learns high-order features based on feature crossover at each crossover layer,avoids inefficient artificial feature engineering,and uses Gumbel-softmax activation function to generate discrete data.The experimental results on the data set NSL-KDD show that The mean and mean square deviation of the generated sample are highly similar to the original sample.It is proved that the generated samples with high similar characteristic distribution to the data set can be generated based on this method;Using the classifier trained by the enhanced NSL-KDD data set,the F1 value of u2 r attack is increased by 39 ? 40%,and that of r2 l attack is increased by 42 ? 43%,which verifies the effectiveness of the generated samples;The accuracy of the model is improved by about 8%,and the macro F1 is improved by about 20%.Therefore,the overall detection effect can also be improved by expanding the number of minority samples.Compared with SMOTE algorithm and ADASYN algorithm,F1 of U2 R and R2 L is improved by 4% ? 6%,and the generated sample quality is better.A two-layer learner intrusion detection model is implemented.RF,LightGBM and CatBoost are selected as the base classifier and Softmax logistic regression is used as the meta classifier.The classifier is optimized based on cross validation and grid search.Through training and testing on NSL-KDD data set,it is better than single model algorithm in prediction accuracy of 84.68%,macro accuracy of 85.20%,macro recall of 65.22% and macro F1 value of 69.61%.After using WGAN-GP to enhance the data of a few classes in the dataset,the accuracy rate is 89.75%,the macro accuracy rate is 91.25%,the macro recall rate is 77.86%,and the macro F1 value is 82.84%.A network intrusion detection system is implemented.For high-speed traffic scenarios,this paper designs a high-performance network traffic collection architecture based on dpdk technology to detect network traffic in real time and identify potential intrusion attacks in the network environment.It also realizes a visual management platform based on web development technology to assist network managers in multi-dimensional data analysis of network security situation.