Research On Network Intrusion Detection Based On Deep Learning

Network Intrusion Detection(NID)based on deep learning is one of the important means for modern society to defend against network attacks.However,large-scale and high-dimensional network traffic also brings huge challenges to intrusion detection,and most of the existing detection methods ignore the problem of class imbalance in the field of intrusion detection,which leads to a high overall detection rate of network attacks,but an extremely low detection rate of some attack traffic samples with a small amount of data.In response to the above problems,this paper researches and implements a data balance method based on horizontal and vertical dimension optimization and an intrusion detection model based on a hybrid neural network with attention mechanism,thereby improving the overall classification accuracy of the model and the detection accuracy of minority attack samples.The main work of the paper is as follows:(1)In view of the two major difficulties of imbalanced categories and high dimensions of intrusion detection data,the optimization is carried out from the horizontal and vertical dimensions of intrusion detection data.In the horizontal data dimension optimization,a data enhancement method based on WGAN-GP is implemented,the structures of the generator and the discriminator are designed respectively,and the gradient penalty item is added to optimize the loss function of the discriminator.Finally,pseudo minority samples that are highly similar to the real data distribution are generated to complete the equalization of data categories.In the vertical feature dimension optimization,the potential connection between data features and attack categories is analyzed,and a feature selection algorithm that combines Gini importance and Pearson correlation coefficient is implemented to filter relevant features and complete the low-dimensional training set.(2)In response to the high false alarm rate and low detection rate of existing intrusion detection models,a multi-classification model based on CNN and bidirectional GRU is implemented,and the self-attention mechanism is introduced.Combine CNN and bidirectional GRU as a hierarchical structure to extract the spatial and temporal features in the intrusion detection data respectively,then aggregate the spatiotemporal features extracted by average pooling and max pooling,then use the attention mechanism to further extract key information,and finally add weight decay term to optimize the loss function.(3)Using the UNSW-NB15 dataset for evaluation,the Pearson product-moment correlation coefficient and the Euclidean distance value between the real sample and the generated fake sample show the validity and accuracy of the data balance method in this paper.The overall precision,recall and F1-score of the intrusion detection model in this paper on the unbalanced dataset are 84.58%,84.77% and 84.68%,respectively.And the evaluation metrics are increased to 86.04%,85.95% and 85.99% respectively after using the data balance method,and F1-score of the four minority attacks of Analysis,Backdoor,Shellcode and Worms increased by 53.76%,44.94%,66.08% and 44.87%,respectively.It shows that the intrusion detection method in this paper has good detection performance.