| With the continuous and rapid development of Internet technology, the Internet provides great convenience to daily life, but the number of computer network intrusions is also increasing rapidly. Network information security detection therefore has a profound impact on protecting people's lives and maintaining information security in cyberspace. A commonly used network information security defense system is the intrusion detection system. It monitors computer networks and hosts with the help of software or hardware tools; when abnormal traffic is detected, it triggers certain restriction operations and reports the abnormality to the network security administrator. However, intrusion detection systems currently suffer from a low detection rate and a high false alarm rate when faced with imbalanced sample data. For this reason, this thesis introduces neural network models into intrusion detection to address the data imbalance problem and improve the performance of network intrusion detection. The research mainly covers the following: (1) It summarizes and analyzes current cyberspace and information security issues, and introduces in detail the current state of research on intrusion detection technology at home and abroad. The different classifications of intrusion detection technology and their practical applications are described, and the structure of neural networks and the principle of feature learning are also introduced. (2) To address the problem that a neural network model cannot learn fully because of imbalanced data in the detection data set, a network intrusion detection method combining class balance and CNN is proposed. First, the method uses the random oversampling algorithm (ROS) to oversample minority-class traffic samples; second, it uses a Gaussian mixture model (GMM) to cluster and down-sample the majority-class samples. Third, it trains the CNN on the balanced data set to mine the
high-dimensional feature attributes in the network traffic data. Finally, it classifies the data through softmax regression. The CICIDS2017 data set, after different class balance processing, was used to test the model, and the results were compared with those on the original data set. The results show that the proposed method significantly increases the detection rate for minority-class traffic samples while maintaining a high overall detection accuracy, which verifies that the proposed method has great value in practical application. (3) To address the overfitting and poor generalization capability of neural networks when training intrusion detection models, a deep denoising autoencoder (DAE) network intrusion detection method based on elastic net is proposed. The model is formed by stacking multiple levels of DAE end to end, and elastic net regularization is added to the loss function to optimize the model. In addition, during training only some of the normal samples in the training set are used, in order to obtain the anomaly threshold of the reconstruction error; abnormal behavior is then detected by comparing the distribution of reconstruction error values of different types of data with the anomaly threshold. The model is tested on the NSL-KDD data set, and the results show that it can effectively improve detection accuracy while keeping a low false positive rate. The innovations of this thesis are mainly reflected in the following aspects: (1) A network intrusion detection method combining class balance and CNN is proposed. With the proposed class balance processing algorithm ROS-GMM, all classes in the training data set are resampled to a uniform number of instances. This avoids the excessive redundant data and increased time and space costs caused by oversampling alone, and the loss of some important features caused by downsampling alone, which helps to improve the detection rate of minority-class
attack samples and effectively addresses the problem of imbalanced data distribution in anomaly detection. At the same time, the CNN model is used to automatically extract deeper feature attributes, which handles high-dimensional, nonlinear network traffic features better and avoids the limitations of traditional shallow machine learning, which relies on manual feature selection; this ultimately increases classification accuracy. (2) A deep denoising autoencoder network intrusion detection method based on elastic net is proposed. The sample characteristics of the data are learned actively by a deep neural network model, which makes up for the limitations of a single neural network. The random deactivation of Dropout is used to address the noise problem in network traffic data, thereby enhancing the robustness of the learned sample data. In addition, the denoising autoencoder overcomes the overfitting problem in training autoencoder networks. By adding elastic net regularization to the loss function, the generalization performance of the model is enhanced and its intrusion detection ability is improved. A semi-supervised method is used to train the model to obtain the anomaly threshold of the reconstruction error, which effectively improves the detection efficiency of the model and reduces the running time, without having to scan the entire data set. |
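
The ROS-GMM class balancing described in the abstract, sketched as an added example; this is not the thesis's code. The diagonal-covariance EM fit, `k=2` components, proportional per-cluster quotas and the two-feature sample flows are all assumptions made here, since the abstract does not give those details.

```python
import math
import random

def gmm_assign(X, k, rng, iters=25):
    # Fit a diagonal-covariance GMM with EM; return each sample's component.
    d = len(X[0])
    means = [list(x) for x in rng.sample(X, k)]
    var = [[1.0] * d for _ in range(k)]
    w = [1.0 / k] * k
    for _ in range(iters):
        resp = []
        for x in X:  # E-step: responsibilities, computed in log space
            lp = [math.log(w[j]) - 0.5 * sum(
                      math.log(2 * math.pi * var[j][i])
                      + (x[i] - means[j][i]) ** 2 / var[j][i] for i in range(d))
                  for j in range(k)]
            top = max(lp)
            p = [math.exp(v - top) for v in lp]
            resp.append([v / sum(p) for v in p])
        for j in range(k):  # M-step: weights, means, floored variances
            nj = sum(r[j] for r in resp) + 1e-9
            w[j] = nj / len(X)
            means[j] = [sum(r[j] * x[i] for r, x in zip(resp, X)) / nj for i in range(d)]
            var[j] = [sum(r[j] * (x[i] - means[j][i]) ** 2 for r, x in zip(resp, X))
                      / nj + 1e-6 for i in range(d)]
    return [max(range(k), key=r.__getitem__) for r in resp]

def ros_gmm_balance(by_class, target, k=2, seed=0):
    # Resample every class to exactly `target` samples.
    rng = random.Random(seed)
    out = {}
    for label, X in by_class.items():
        if len(X) <= target:  # ROS: duplicate random minority samples
            out[label] = X + [rng.choice(X) for _ in range(target - len(X))]
            continue
        comp = gmm_assign(X, k, rng)  # GMM: cluster the majority class
        clusters = sorted(([x for x, c in zip(X, comp) if c == j] for j in range(k)),
                          key=len, reverse=True)
        quota = [len(c) * target // len(X) for c in clusters]
        for i in range(target - sum(quota)):  # hand out the rounding remainder
            quota[i] += 1
        out[label] = [x for c, q in zip(clusters, quota) for x in rng.sample(c, q)]
    return out

# Constructed 2-feature flows: a large two-mode benign class, a rare attack class.
_r = random.Random(1)
SAMPLE = {"benign": [[_r.gauss(m, 1), _r.gauss(m, 1)] for m in [0] * 240 + [8] * 60],
          "attack": [[_r.gauss(4, 0.5), _r.gauss(-3, 0.5)] for _ in range(12)]}
BALANCED = ros_gmm_balance(SAMPLE, target=50)
```

Sampling each GMM cluster in proportion to its size keeps the smaller benign mode represented after down-sampling, while the minority class keeps every original sample and gains duplicates only.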