Research On Distributed Mutual Trust Collaborative Intrusion Detection Method Based On Deep Learning Algorithm

As a new and active network protection method,network intrusion detection can effectively detect network attacks and is an important research direction in the field of network security.With the expansion of network scale and the increasing complexity of network intrusion behaviors,collaborative intrusion detection techniques have been proposed to defend against complex types of attacks in large-scale heterogeneous networks.The cooperative intrusion detection system is composed of a plurality of single intrusion detection nodes,and the nodes work cooperatively with each other.Such detection techniques also face two problems.First,the intrusion detection method inside the node has low recognition accuracy for complex and changeable intrusion behaviors,which affects the effectiveness of the entire collaborative intrusion detection system.Second,in the cooperation between nodes,data sharing and internal malicious nodes will also affect the integrity of collaborative detection.Aiming at the problems raised above,this paper studies the detection method within a single intrusion detection node and the cooperative method between multiple intrusion detection nodes.The specific work is as follows:To address the issues raised above,this paper investigates the detection method within a single intrusion detection node and the collaborative method among multiple intrusion detection nodes from both algorithmic and collaborative aspects,and combines the two into a distributed mutual trust collaborative intrusion detection method based on deep learning algorithms.The main work is as follows.(1)Within a single intrusion detection node,an intrusion detection method based on hybrid sampling and hybrid neural network is designed and implemented in this paper.To solve the problem of low recognition rate of few classes caused by the imbalance of class ratio of traffic data set,this paper adopts the hybrid sampling algorithm based on SMOTE-Tomek link,and improves and optimizes the SMOTE algorithm combined with k-means clustering algorithm in it.The hybrid sampling algorithm designed in this paper can effectively improve the unbalanced problem of categories in the dataset.To solve the problem that traditional machine learning algorithms or single deep learning algorithms cannot learn complex traffic data features well,this paper chooses to apply convolutional neural networks and long and short-term memory networks to intrusion detection,combining them into a hybrid neural network to learn spatial and temporal features of traffic data respectively.Finally,the above hybrid sampling algorithm and hybrid neural network together form an intrusion detection method ST-CNN-SLTM,and the new CIDDS-001 dataset is selected for multi-classification training and testing,and the UNSW-NB15 dataset is selected for binary classification training and testing.The overall classification accuracy and small class classification accuracy are significantly improved compared with traditional machine learning algorithms and single depth learning algorithms.(2)A distributed cooperative intrusion detection system is designed based on the JADE framework between intrusion detection nodes and nodes,and a blockchain-related component is added to the system to ensure the privacy of communication between nodes in the system.We propose a trust score algorithm to identify malicious nodes inside the collaborative intrusion detection system,which can adjust the trust score of nodes according to the traffic detection results of the detection nodes,identify nodes with trust score below a threshold value as malicious nodes and suspend them from use,and conduct simulation experiments.threshold,the algorithm can effectively identify and deactivate malicious nodes,thus ensuring the internal security of the collaborative intrusion detection system and the mutual trust between nodes.On top of the implemented collaborative intrusion detection system,a distributed collaborative detection is simulated in combination with the intrusion detection method designed in this paper,and experiments are conducted to compare with the traditional single-point detection method,and the experimental results show that the collaborative intrusion detection method can perform the intrusion detection work more efficiently.