Research On Network Intrusion Detection Method Based On Improved CNN-LSTM And Transfer Learning

Internet technology makes people’s life and entertainment more convenient and efficient.However,while the Internet brings convenience to people,network intrusion brings security risks to the Internet environment.Intrusion detection system as a network security protection tool,can rapid detection and identification of dangerous invasion and provide emergency response,but there are still some problems in intrusion detection research: the problem of the massive high-dimensional data processing,data sample imbalances,model generalization ability difference leads to the problem of low efficiency of detection effect is poor,etc.This paper aims at network intrusion detection as the research objective,combined with deep learning method to establish a model to solve the current problems in intrusion detection,with the Internet brain platform as the background,research and design of a network intrusion detection system.The specific work of this paper is as below:(1)Aiming at the problem of unbalanced data samples in network intrusion detection,this paper adopted the method of adjusting the weight of cost function and proposed an improved CNN-LSTM network intrusion detection model.Deal with huge amounts of data are extracted by using convolution neural network characteristic advantages and short-and longterm memory network advantage in dealing with a time series characteristics,fully consider the invasion of the scheduling and global characteristic of information,to CNN and LSTM are combined to become algorithm model of this paper,based on the weight adjustment cost function,according to the category of the abnormal data samples,At last,the experiment proves that the method used in this paper increases the recall rate(recall rate)by 1.2% on average and reduces the false positive rate by 0.15% on average,which effectively solves the problem of unbalanced data samples.(2)To solve the problem of poor generalization ability of the model trained from massive network traffic data,this paper adopts the method of transfer learning and proposes a neural network model based on CNN-LSTM and transfer learning.Design the high performance of a neural network model using the above research,introducing the migration study,and the trained model parameters of sharing,make the classification model is suitable for the new network traffic data,improve the generalization ability of the model,the experiment proved that this article USES the method makes the model accuracy improved 26%,solve the problem of poor generalization ability of model.(3)A network intrusion detection system based on the algorithm above is designed and implemented to add new functions to the Internet brain platform.After analyzing the system requirements and designing the system architecture,the functions of data acquisition,intrusion detection,abnormal alarm and management control are realized.The system can detect the intrusion or abnormal behavior and record the detection information,realize the network intrusion alarm,but also through the background management module to achieve users and administrators of the system,intrusion detection information and alarm information management.The results of functional test show that the system can accurately detect abnormal data and realize abnormal alarm of intrusion detection.