| Nowadays,with the rapid development of network technology,network security threats are becoming increasingly prominent,which brings new challenges to maintaining network security.Network intrusion detection system can effectively identify network intrusion through information collection,information analysis and result processing,and plays an important role in maintaining network security.With the development of Internet technology and the emergence of new network attacks,network intrusion detection technology is also facing new challenges.First,the accuracy of network intrusion detection systems needs to be further improved.Secondly,for ultra-high bandwidth network systems,traditional technologies are difficult to achieve fast network intrusion detection.In addition,in the field of network intrusion detection,there is a phenomenon of imbalance of various types of data.Therefore,this thesis mainly studies the fast network intrusion detection technology in the imbalanced data environment.The main contents are as follows:Aiming at the problem that the accuracy of network intrusion detection system needs to be further improved,in terms of detection algorithm,this thesis proposes an intrusion detection model that combines Light GBM and Bayesian optimization algorithm.The serialization method is integrated to improve the accuracy of model detection,and the Bayesian algorithm is used to optimize the hyperparameters of the core parameters in Light GBM,so as to find more suitable parameters and improve the accuracy of the model.The results of simulation tests on three data sets including NSL-KDD show that the Bayesian optimization algorithm in this thesis can effectively improve the performance indicators such as the accuracy of the model through hyperparameter search,and the algorithm proposed in this thesis is better than other traditional detection algorithms.Aiming at the problems of training and detection efficiency of network intrusion detection system,this thesis mainly optimizes from two aspects: the number of features and the training model.In terms of the number of features,this thesis proposes an adaptive binning feature selection algorithm.Simulation experiments show that this algorithm is superior to the traditional feature selection algorithm in terms of speed.The proposed feature selection algorithm can reduce the dimension of the original data set,thereby improving the efficiency of network intrusion detection systems in training and detection phases.In terms of training model,this thesis adopts lightweight ensemble learning.Compared with the network intrusion detection system based on deep learning,the training and detection speed is faster.The training time and detection time of the model are reduced.Aiming at the imbalance of various types of data in the field of network intrusion detection,this paper proposes an intrusion detection model that combines k-means and star topology oversampling.In the data balancing stage,k-means clustering is first performed on the samples in the original training set,and then the star topology oversampling algorithm is used for clusters with a significant distribution of minority samples.In this way,a minority class sample point that conforms to the original data distribution is generated,and the quantity ratio of each class in the training set is relatively balanced.Through testing on NSLKDD and CICIDS-2017 datasets,the performance of the algorithm in this thesis is better than some other algorithms in terms of accuracy,F1 and other performance indicators. |
PDF Full Text Request