Computer technology, represented by the Internet, is widely used in many areas of modern life, ranging from people's daily lives to aerospace. While it enriches and facilitates people's lives, it is accompanied by certain risks, such as network intrusion, so the security of the network needs to be guaranteed. The means of network intrusion, however, are increasingly novel, with high concealment, rare attack types, wide range, and so on. It is difficult for traditional passive network defense technology to detect such newly emerged attacks effectively, while network intrusion detection technology can actively and promptly detect attacks in network behavior. At present, network intrusion detection models based on deep learning have problems such as complex models, poor robustness, and low accuracy in detecting unknown attacks. In view of these problems, this thesis builds a model based on the k-means algorithm to explore a more ideal intrusion detection method and model. An unsupervised learning intrusion detection model based on the k-means algorithm is proposed to detect intrusion threats in the network environment. The work includes:

(1) Because the correlations between attributes of network traffic data, and between different traffic data, are nonlinear and difficult to find, the k-means clustering algorithm is unstable on such data, so a GRU (Gated Recurrent Unit) network is placed in front of it to process the traffic data. An unsupervised learning intrusion detection model combining GRU and the k-means algorithm is proposed, which can effectively capture the sequential features of multiple time spans in the original traffic sequence and improve the detection ability and robustness of the model.

(2) Current intrusion detection models based solely on deep learning are highly complex, supervised training cannot adapt to the detection of modern massive network traffic data, and supervised training is not enough to learn the features of unknown attacks or of attack samples with a small amount of data, resulting in unsatisfactory detection ability. In this thesis, the unsupervised k-means clustering algorithm, which is simple, fast, and easy to explain, is used for modeling, and the selection of the k value and of the cluster centers in the traditional k-means algorithm is optimized to improve the stability of the model.

(3) The three-branch decision mechanism is used to improve on the hard clustering of the traditional k-means algorithm: it is introduced into the process of classifying objects into clusters to reduce the risk of blind decisions when conditions are insufficient. By using the proximity and difference between the original cluster objects to divide the delay domain and then re-allocate that domain, abnormal behavior that deviates too much from normal traffic behavior can be well detected, and the detection accuracy of the model against unknown attacks or attacks with a small data volume can be improved to a certain extent.

The accuracy of the proposed model is about 95% on the NSL-KDD data set, and multi-dimensional simulation experiments show that the proposed model is effective in solving existing problems of current intrusion detection models, such as poor robustness and stability.
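
An added example, not code from the thesis, of one way the three-branch assignment in item (3) can replace hard k-means assignment: objects clearly nearest one center are accepted, ambiguous ones go to a delay domain, and the delay domain is then re-allocated or flagged as anomalous. The acceptance rule, the thresholds `alpha` and `beta`, the fixed centroids and the 2-D sample points (stand-ins for GRU-encoded flows) are all assumptions; the abstract does not specify them.

```python
import math

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def three_branch_assign(points, centroids, alpha=0.2, beta=2.5):
    """Assumed rule: accept if d_nearest <= alpha * d_second, else delay.
    Delayed objects are re-allocated to their nearest cluster only if they lie
    within beta * (mean core distance of that cluster); otherwise anomalous.
    Requires at least two centroids."""
    core = {k: [] for k in range(len(centroids))}
    delayed = []
    for i, p in enumerate(points):
        ranked = sorted((dist(p, c), k) for k, c in enumerate(centroids))
        (d1, k1), (d2, _) = ranked[0], ranked[1]
        if d1 <= alpha * d2:
            core[k1].append(i)            # branch 1: accept immediately
        else:
            delayed.append((i, k1, d1))   # branch 2: defer the decision
    # Cluster radius is estimated from confidently accepted members only.
    radius = {
        k: (sum(dist(points[i], centroids[k]) for i in m) / len(m)) if m else 0.0
        for k, m in core.items()
    }
    assigned = {k: list(m) for k, m in core.items()}
    anomalies = []
    for i, k1, d1 in delayed:
        if d1 <= beta * radius[k1]:
            assigned[k1].append(i)        # re-allocated after deferral
        else:
            anomalies.append(i)           # branch 3: reject as abnormal
    return assigned, [i for i, _, _ in delayed], anomalies

# Constructed sample data: two "normal" traffic clusters plus stray points.
CENTROIDS = [(0.0, 0.0), (10.0, 10.0)]
POINTS = [
    (1.0, 0.5), (-0.8, 0.9), (0.3, -1.2),     # dense around centroid 0
    (9.8, 10.3), (10.4, 9.7), (10.1, 10.2),   # dense around centroid 1
    (1.8, 1.8),                               # ambiguous but close: re-allocated
    (4.0, 5.0), (-6.0, -7.0),                 # far from both profiles: anomalous
]

def run_demo():
    return three_branch_assign(POINTS, CENTROIDS)

if __name__ == "__main__":
    assigned, delayed, anomalies = run_demo()
    print("clusters:", assigned)
    print("delay domain:", delayed)
    print("anomalies:", anomalies)
```

Hard k-means would have forced points 7 and 8 into the nearest cluster and shifted its center; here they stay out of both clusters and are reported as anomalies.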