Research On Methods Of Network Intrusion Detection Based On Deep Reinforcement Learning

As an active defense technology,the intrusion detection system protects the security and stability of the network environment through the effective detection of network attacks,which makes it a key component of the network security system.However,the dynamic and complex network environment enhances the concealment and harmfulness of network attacks,and the increasingly serious network attack threat brings a severe test to the existing network intrusion detection systems.In view of the key problems facing the current intrusion detection system,this paper introduces relevant strategies for research,aiming to improve the detection performance of the network intrusion detection system.The main research works of this paper are listed as follows:Firstly,the incomplete feature extraction ability on network traffic data of existing intrusion detection system leads to the problem of weak identification ability.From the standpoint of enhancing model feature extraction ability,the convolution neural network,bidirectional long short-term memory network and deep neural network are integrated in this paper,and a new model based on space feature fusion called CBDNN is proposed.The simulation results on NSL KDD and UNSW_NB 15 demonstrate that the model successfully extracts the comparatively comprehensive network traffic data characteristics and significantly enhances the model’s detection performance.Secondly,the high dependence on the data labels brings a large degree of limitation to the existing intrusion detection models.To solve the problem,the network intrusion detection process is constructed into a Markov decision process,and the classical double deep Q-network algorithm is improved using the CBDNN model to enhance the environment perception.A new intrusion detection algorithm based on the improved double deep Q-network is proposed.In addition,the Borderline-SMOTE algorithm is used to resample the network traffic data at the data level,so as to reduce the degree of data imbalance,and algorithm’s practicality and efficacy are confirmed.Finally,to address the issue of low identification on zero-day attacks encountered by intrusion detection models after being implemented in a real-world network environment,an active learning approach is utilized.The DDQN method is incorporated into the framework of active learning algorithms,and the DDQN model serves as a sample selection technique to construct an ADDQN network intrusion detection model based on the active double deep Q-network.The DDQN technique is used to choose valuable samples for annotation and train the classifier in order to enhance model’s detection performance and reduce data annotation costs.Furthermore,to assess the detection capability of the model for zero-day attacks,a new performance evaluation index Z-DRz is introduced to assess the zero-day attack detection rate.Several simulation experiments of zeroday attack scenario are performed to verify the effectiveness and necessity of the proposed algorithm.To handle problems the existing intrusion detection algorithm are facing,such as incomplete data feature extraction,data label dependence,data imbalance and zero attack,some effective approaches are put forward from the data level and algorithm level in this thesis.The simulation experiment results demonstrate that these modeling ideas have a good application potential.