Research On Intrusion Detection Of Network Traffic Based On Machine Learning

The rapid development of the Internet has brought great changes and convenience to society and people.Along with the development of the Internet,its security is also being paid more and more attention to.Intrusion detection system can detect network attacks in real time and respond to them in time,which has become an essential and important security line of defense.With the novelty of network attacks and the diversity of network traffic,the traditional intrusion detection methods based on port and payload matching are no longer applicable to the current environment.The combination of machine learning and deep learning techniques for intrusion detection is a current research hotspot.Although the current research has achieved certain results,it still faces problems such as insufficient detection effect,old dataset,and unbalanced dataset,which bring intrusion detection poses a great challenge.In order to solve the problems of insufficient detection effect and old dataset,this thesis proposes an intrusion detection model based on multi-level feature extraction.Firstly,real rich normal traffic is collected in the laboratory,then it is transformed into a network stream file and combined with CIC-IDS2018 dataset to form a real valuable dataset,which is transferred to the input form of the subsequent module through pre-processing.Then the convolutional neural network and Transformer are connected,and the dense connection mechanism is introduced in the convolutional neural network to realize the traffic feature fusion and underlying feature extraction.Transformer's parallelism and multiheaded self-attentiveness can achieve feature recoding and global feature extraction while reducing training time.In order to solve the common non-uniform data problem in the field of intrusion detection,this thesis proposes a data synthesis method based on a generative model.The method uses a model based on VAE structure to learn the distribution of feature space combining semi-supervised learning.Then it introduces label information as an additional input to the decoder and improve the loss function to control the class of the generated samples.Then completes the detection through a classification network with a multi-level feature extraction model.The method not only expands the dataset,but also generates richer data and effectively improves the detection capability of a few classes of samples.Finally,experiments of the multi-level feature extraction model are conducted on the hybrid dataset CIC-IDS2018,and experiments of the data synthesis method are conducted on NSL-KDD.The results show that the multilevel feature extraction model proposed in this thesis performs well on both binary and multiclassification,and outperforms the existing detection models CNN,LSTM,and CNN-LSTM in all indexes.After the NSLKDD dataset is balanced,the multi-layer feature extraction model has a large improvement in the detection of a few categories.Compared with the existing methods Borderline SMOTE and ADA-SYN,the SCAVE method is more effective in improving the detection ability.