The advancement of science and technology has resulted in the rapid development of the Internet, where network attacks also happen more frequently and in more diverse forms. As an active protection means, intrusion detection has become a research hotspot in the field of cybersecurity. Compared with traditional solutions, the machine learning-based intrusion detection mechanism has advantages in adaptability and generalization ability, and has received great attention from academia and industry in recent years. However, the imbalance of network traffic data and the difficulty of optimizing the hyperparameters of machine learning models pose many challenges to improving the performance of intrusion detection models. In addition, the lack of flexibility and controllability of the traditional network architecture is unfavourable for the on-demand deployment and agile upgrade of high-performance intrusion detection systems. To this end, this dissertation designs and implements a flexible and efficient intrusion detection system based on the Smart Integration Identifier Network, in which the management and control plane is decoupled from the function execution plane, aiming to sharply improve the online detection accuracy for anomaly traffic and the operation efficiency of the system through offline optimization, online deployment, and distributed updates of the associated trained models.

The primary contributions of this work are as follows. Firstly, a sample balance mechanism based on a Generative Adversarial Network is proposed to solve the problem of unbalanced training data. In addition, an intrusion detection model based on machine learning is designed, along with a model optimization method based on the artificial bee colony algorithm, in order to increase the proposed model's detection accuracy for anomaly traffic. Secondly, an intrusion detection system based on the Smart Integration Identifier Network is designed and implemented, in which the operating entity at the data plane is able to collect and extract the feature information of the incoming data stream in real time and to effectively recognize anomaly traffic according to the proposed two-class and multi-class detection models trained offline, improving the online detection accuracy of the system. Thirdly, a distributed update mechanism for detection models based on federated learning is designed and implemented, in order to boost the system's ability to detect unknown attacks. In addition, a double-trigger guarantee mechanism is designed to synchronize the update pace of each operating entity in the data plane of the proposed intrusion detection system.

Finally, an experimental platform is built to verify the function of the core module of the proposed intrusion detection system based on the Smart Integration Identifier Network, and its detection performance is evaluated on the CICDDoS2019 and ISCX VPN-non-VPN datasets. The results show that the proposed intrusion detection model has higher detection accuracy than 9 other common machine learning models such as Random Forest and Convolutional Neural Network; the designed intrusion detection system is able to recognize anomaly traffic online; and the proposed distributed update approach is able to effectively shorten the update time of the relevant parameters of the intrusion detection model and can improve the proposed system's ability to detect unknown attacks.