With the continuous development of Internet applications, network traffic data is becoming high-dimensional and massive, and the types of network attacks are becoming more and more diverse. At the same time, the data distribution of network traffic changes constantly over time, and the traditional intrusion detection model, which relies mainly on machine learning algorithms, uses static classifiers when confronting these problems, which affects its detection accuracy. This phenomenon is known as the concept drift problem, that is, a change in the target concept caused by a change of context in the data stream. Therefore, this thesis studies deep-learning-based intrusion detection technology under concept drift.

Firstly, concept drift detection algorithms based on classification accuracy consume many label resources and are costly. In this thesis, a concept drift detection algorithm based on Wasserstein distance is designed. The algorithm adopts a double-layer sliding window mechanism: two sliding windows hold the latest batch of already-detected data samples and the data samples still to be checked for concept drift, and the Wasserstein distance between the two sets of samples is calculated and compared with the drift threshold to detect the occurrence of concept drift.

Secondly, for the concept drift problem in intrusion detection, this thesis designs a hybrid intrusion detection model based on Wasserstein distance. The model uses the Wasserstein-distance-based concept drift detection algorithm to detect concept drift, and uses an offline network based on SAE-CNN and an online network based on SAE-LSTM as a hybrid classifier module for intrusion detection. When concept drift occurs, the online network is updated in real time, so that the model adapts to the changing data distribution and the performance of the intrusion detection model improves. Using the KDD CUP99 dataset as the intrusion detection dataset, the model is verified to be effective when concept drift occurs.

Finally, for the concept drift problem of multi-label classification in intrusion detection, this thesis designs a dual-classifier intrusion detection model based on mixed sampling. The model adds a warning threshold to the Wasserstein-distance-based concept drift detection algorithm, and uses a mixed sampling method based on Borderline-SMOTE and K-Means undersampling to reduce the imbalance of the training set when training the classifier. The drift adaptation part is implemented with dual classifiers, namely an active classifier and a passive classifier. Each classifier is built on a Res CNN-LSTM network, and the update of the two classifiers is controlled by the warning signal and the drift signal of concept drift. When a classifier is updated, the Borderline-SMOTE algorithm is used to increase the number of minority class samples and improve the generalization ability of the model. The KDD CUP99 dataset is used as the intrusion detection dataset to verify the effectiveness of the model under multi-label classification and concept drift.
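The label-free, two-window drift check with warning and drift thresholds described above, as an added example that is not the thesis's own code. The window size, both threshold values, averaging the distance over features, and replacing the reference window after every check are assumptions, and the sample records are constructed.

```python
from collections import deque

def wasserstein_1d(a, b):
    """W1 distance between two equal-size 1-D samples (sorted-value matching)."""
    if len(a) != len(b):
        raise ValueError("windows must hold the same number of samples")
    return sum(abs(x - y) for x, y in zip(sorted(a), sorted(b))) / len(a)

class DriftDetector:
    """Two sliding windows: last checked batch (reference) vs. batch under test."""
    def __init__(self, window, warn, drift):  # all three values are assumptions
        self.window, self.warn, self.drift = window, warn, drift
        self.reference = deque(maxlen=window)
        self.current = []

    def update(self, record):
        """Feed one feature vector; returns (state, distance), or None while a window fills."""
        if len(self.reference) < self.window:
            self.reference.append(record)
            return None
        self.current.append(record)
        if len(self.current) < self.window:
            return None
        # Per-feature W1 distance, averaged over features; no class labels are used.
        cols_ref, cols_cur = zip(*self.reference), zip(*self.current)
        dists = [wasserstein_1d(r, c) for r, c in zip(cols_ref, cols_cur)]
        dist = sum(dists) / len(dists)
        state = "drift" if dist >= self.drift else "warning" if dist >= self.warn else "stable"
        # Slide: the batch just checked becomes the new reference window.
        self.reference = deque(self.current, maxlen=self.window)
        self.current = []
        return state, dist

def make_batch(shift, n=10):
    """Constructed sample: n two-feature traffic records offset by `shift`."""
    return [(i / n + shift, (i % 5) / 5 + shift) for i in range(n)]

def run_demo():
    det = DriftDetector(window=10, warn=0.1, drift=0.3)
    stream = [r for s in (0.0, 0.0, 0.15, 0.65, 0.65) for r in make_batch(s)]
    return [res for res in map(det.update, stream) if res is not None]

if __name__ == "__main__":
    for state, dist in run_demo():
        print(f"{state:8s} W1={dist:.3f}")
```

In a dual-classifier setup like the one the abstract describes, the "warning" state would be the point to start preparing the second classifier and "drift" the point to switch or retrain; that wiring is left out here.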