Research And Application Of BP Neural Network In Intrusion Detection

With the development of 5g and the emergence of COVID-19,network traffic has increased sharply,and network security has once again become the focus of attention.Intrusion detection system is an important means to achieve network security.It can detect abnormal conditions in the early stage of network attack.Machine learning methods are often used in intrusion detection,which transform the identification of network attacks into the classification and prediction of network traffic.The traditional intrusion detection model is difficult to identify new network attacks,and the identification effect of innovative and emerging network attacks is not satisfactory.In order to improve the performance of intrusion detection system,this paper mainly establishes two kinds of hybrid intrusion detection models: two classification and multi-classification.By analyzing the data situation and characteristics of the public data set unsw-nb15,it is found that the intrusion detection data set has the problem of data imbalance.In response to this problem,this paper improves the classic SMOTE oversampling method,and proposes an oversampling method Probabilistic SMOTE that only samples the boundary points with a certain probability,which effectively solves the problem of data imbalance.The prediction and discrimination of normal network behavior and attack behavior that is the binary classification of intrusion detection.This paper presents a recognition model of BP neural network based on genetic algorithm optimization.Aiming at the problem that it is difficult to select the initial weights and thresholds of traditional BP neural network,the excellent global search ability of genetic algorithm is used for selection.Since the genetic algorithm only relies on evolution methods such as selection and crossover to evolve individuals,it will cause individuals to be disturbed by random factors and thus cannot reach the global optimal point within a limited iteration round.Therefore,this paper proposes an individual movement operation,which is added to the genetic algorithm to enhance the convergence speed of each individual,so that each individual has a certain initiative instead of just waiting for natural evolution,so as to ensure that the algorithm is within a limited evolution round.Finally,using the recall rate,accuracy and other indicators,this model is compared with the traditional machine learning models and algorithms proposed in other literatures.The results show that the hybrid detection model proposed in this study has higher recall rate and lower running time,and performs well in intrusion detection tasks.Aiming at the problem of identifying which specific network attack each attack behavior is,that is,the problem of multi-classification identification of intrusion detection.This paper proposes a multi-class hybrid intrusion detection model based on error correction output codes.Each binary divider in the error correction output code still uses the binary classification model based on BP neural network proposed in this paper.To solve the problem that the error correction matrix is difficult to determine,the improved genetic algorithm proposed in this paper has strong global search ability.Since the multi-classification task is relatively complex and takes a long time to run,this paper uses the SHAP value,an interpretable feature importance measure of machine learning,to filter the features in the dataset.Finally,after comparing with other traditional machine learning algorithms and models proposed in other literatures,although the recognition accuracy of all methods is not satisfactory,the method in this paper has certain advantages.Finally,in order to apply the algorithm model proposed in this paper to the network intrusion detection scenario of the actual software system,an intrusion detection system based on SpringBoot,Vue and other technologies is developed.The system uses HTML,CSS and JavaScript technologies for front-end page development,Spring,SpringMVC and Mabatis technologies for back-end system development,and the database is written using MySQL.The system effectively combines the front-end and back-end systems with the Python script that implements the algorithm,implements the detection model with the system page,and implements the system's basic user management functions.The system provides an effective reference for the application of the intrusion detection algorithm model to the network environment detection of the actual software system of the enterprise.