Research On Intrusion Detection For Anomaly And Data Imbalance

The rapid development of Internet technology has not only brought convenience to people’s daily life but also brought a lot of cybersecurity problems.The emergence of worms,ransomware,and APT attacks pose a huge threat to people’s online security.However,traditional firewalls,authentication,encryption,and other technologies cannot effectively defend against such attacks,so there is an urgent need for safe and effective protection technology to respond to the emergence of network attacks.Intrusion detection can actively detect abnormal network activities and plays an important role in network security.Although many researchers have researched intrusion detection technology,there are still some problems in intrusion detection: large data dimensionality makes it difficult to implement efficient detection,low detection accuracy makes it impossible to effectively identify attacks,and unbalanced data makes it difficult to detect a few types of attacks.To address these issues,this paper conducts the following research:(1)For the binary classification situation in anomaly detection,an intrusion detection method based on LightGradient Boosting Machine(LightGBM)and sparse autoencoder is proposed.To address the problem of low detection efficiency,the recursive feature reduction method based on LightGBM is used to reduce the feature dimension to extract effective features.To address the problem of low detection accuracy,a two-stage decision-making step based on reinforced LightGBM and sparse autoencoder is designed.First,in order to enhance the classification accuracy of the LightGBM model,the Focus Loss(FL)function is introduced into the LightGBM model to enhance the performance of the model.Second,the enhanced LightGBM model is used to make preliminary decisions on network traffic to identify normal and attack classes.Finally,the reconstruction error of the sparse autoencoder is used to perform the secondary discrimination of the normal class.Experimental results show that the proposed method can improve the efficiency and accuracy of the intrusion detection system.(2)Aiming at the problem of data imbalance,a hybrid sampling method based on the Synthetic Minority Over-Sampling Technique(Smote)and Fuzzy C-Means(FCM)is proposed.Firstly,the Smote oversampling technique is used to oversample the minority class samples,thereby increasing the diversity of the minority class samples.Secondly,the FCM clustering method is used to cluster the majority class samples to divide different clusters,thereby reducing the number of majority class samples.After the above processing,the data reaches a balanced state.Finally,taking advantage of deep learning in feature extraction,the resampled training data are converted into an image form and input into a two-dimensional convolutional neural network for training.The experimental results show that the proposed method can improve the detection rate of intrusion detection systems for a few classes of attacks compared with other methods.