| In today's society, network security problems occur frequently, and there are a large number of network attacks in the network environment. Frequent cyber attacks threaten the information security of individuals, enterprises, and countries, and even affect the normal operation of the economy and society. In such an environment, research on network intrusion detection and situation assessment is therefore particularly important. As the network environment becomes increasingly complex and the means of attack more variable, manual detection after a network intrusion lags behind and can no longer meet actual needs. Most existing intrusion detection models are based on rule-base analysis and matching; they lack flexibility and cannot deal with new attack methods. At the same time, the harm caused by network intrusion in the information society continues to increase, and network security managers have a greater need for situational assessment, hoping to obtain an effective assessment that guides network security management work and helps formulate effective management measures. This thesis studies network intrusion detection and situation assessment based on deep learning, and proposes a network intrusion detection model and a situation assessment model. To solve the problems of existing rule-base matching intrusion detection schemes, a deep learning network intrusion detection model is proposed. The intrusion detection data set is converted from textual data to grayscale image data, which makes it convenient to obtain deep feature information from the image data; a generative adversarial network (GAN) is used to generate a small amount of sample data, so that the detection accuracy of the model can be improved without changing the overall data quantity distribution. The intrusion detection model uses a convolutional neural network (CNN) to extract the information in the grayscale image data; because the intrusion detection data set has
the temporal sequence characteristics of network traffic records, a long short-term memory network (LSTM) is used to mine the timing information implied by the data. The LSTM neural network suffers from the vanishing gradient problem. This thesis constructs the LSTM network structure using a residual module, and uses the residual module to enhance the timing information. On the basis of the intrusion detection analysis, this thesis constructs a situational awareness evaluation model. The model quantifies attack data from three aspects (asset threat, attack frequency, and attack level) and conducts a comprehensive assessment of the network security situation. In the asset analysis module, based on "GB/T 20984-2022 Information Security Technology Information Security Risk Assessment Method", a user-demand-oriented system model is proposed, which can fully consider the user's three aspects of data, software, hardware and services. Taking into account the differences in security concerns over similar network assets makes the situation assessment more targeted. In terms of attack level, the high-abstraction network kill chain model and the medium-abstraction ATT&CK model are considered together, and a double-chain attack layer model is constructed to quantify the situation for different attack categories. Through this research on deep-learning-based network intrusion detection and situation assessment, an intrusion detection and situation assessment model is constructed, and the model is experimentally analyzed using the connection-oriented KDDCUP99 data set and the flow-oriented CIC-IDS2017 data set. The accuracy of the intrusion detection experiment results in this thesis has increased to 93.23%, an improvement over other models. The overall trend of the prediction results of the situation assessment model is the same as that of the assessment results of the real-data model. The experimental results show that the research model in this thesis is practical and effective. The intrusion detection and situation
assessment model in this thesis has a good intrusion detection and evaluation effect, but because it uses only the traffic data set for detection, the situation evaluation is not comprehensive enough and fails to consider many aspects of actual security situation assessment. It provides preliminary practice in applying the model and algorithm toward the construction of an all-round situational assessment. |