Research On Intrusion Detection Technology Based On Generative Adversarial Network

Posted on: 2024-02-20
Degree: Master
Type: Thesis
Country: China
Candidate: Y X Liu
GTID: 2568306941495464
Subject: Cyberspace security
Abstract/Summary:
With the rapid development of the Internet and the serious threats to network security, the study of effective intrusion detection algorithms is of great value. One problem faced by traditional intrusion detection algorithms is that attack behaviors are far fewer than normal behaviors, so detection is easily affected by data imbalance. Another problem is the scarcity of labeled data sets available for training in a variety of complex scenarios; the vast majority of the data used for training are normal data. Based on these practical problems, this paper trains with unsupervised learning. Only normal data are used during training, while abnormal data representing attack behavior are identified in the test phase. This paper studies intrusion detection from two perspectives: traffic intrusion detection and log intrusion detection. The main research contents and innovations of this paper are as follows:

(1) To solve the intrusion detection problem in network traffic, this paper uses a complementary generative adversarial network algorithm. The algorithm has a generative adversarial network structure, divided into a generator and a discriminator. The generator tries to find the complementary distribution of the normal samples and feeds the complementary samples to the discriminator for training as abnormal data, together with the normal data in the training set. A complementary sample lies outside the normal sample distribution but very close to the normal samples. Stacked asymmetric autoencoders are used as the discriminator. The autoencoder detects anomalies by calculating the reconstruction error. The asymmetric encoder used in this paper improves computing performance without affecting accuracy. Experiments show that, compared with other algorithms, the proposed algorithm has better accuracy and better time performance, which shows that the complementary generative adversarial network algorithm can effectively improve the accuracy and robustness of intrusion detection.

(2) To solve the intrusion detection problem in logs, this paper proposes a log parsing algorithm based on prefix tree clustering and a GAN-based Log Exception Detection (GLAD) algorithm. The prefix tree clustering algorithm builds prefix trees from offline log data and constructs log templates by clustering. The Spell algorithm is introduced to parse new log data arriving in real time. The GAN-based log anomaly detection algorithm uses a stacked LSTM/GRU autoencoder as the generator: after training, an input log sequence is encoded by the encoder and decoded by the decoder to generate a new log sequence. The discriminator also uses stacked LSTM/GRUs to identify whether the input data come from the training set or were generated by the generator. The generator can capture the temporal dependencies and semantic patterns of log sequences and reconstruct them with minimal error. The discriminator can learn to rank the reconstruction errors of different log sequences and assign them anomaly scores. In the anomaly detection phase, the GLAD algorithm computes the final anomaly score from the reconstruction score and the discriminant score. Experiments show that the proposed algorithm has higher accuracy and better time performance on the log data set.
Keywords/Search Tags: intrusion detection, anomaly detection, generative adversarial network, autoencoder, long short-term memory networks
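The streaming log-parsing step in (2) relies on Spell, which matches each new log line to a template by longest common subsequence (LCS). The following is an added sketch of that idea, not code from the thesis: the names `lcs`, `merge` and `StreamParser`, the half-length match threshold, and the sample lines are assumptions, and the thesis's prefix tree clustering is not reproduced.

```python
def lcs(a, b):
    """Return one longest common subsequence of two token lists."""
    dp = [[[] for _ in range(len(b) + 1)] for _ in range(len(a) + 1)]
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            dp[i + 1][j + 1] = (dp[i][j] + [x] if x == y
                                else max(dp[i][j + 1], dp[i + 1][j], key=len))
    return dp[-1][-1]

def merge(template, common):
    """Keep template tokens that are in the LCS; collapse the rest to '*'."""
    out, k = [], 0
    for tok in template:
        if k < len(common) and tok == common[k]:
            out.append(tok)
            k += 1
        elif not out or out[-1] != "*":
            out.append("*")
    return out

class StreamParser:
    def __init__(self):
        self.templates = []  # template id = list index

    def parse(self, line):
        """Assign a log line to a template id, refining or creating one."""
        tokens = line.split()
        best, best_common = None, []
        for idx, tpl in enumerate(self.templates):
            common = lcs([t for t in tpl if t != "*"], tokens)
            if len(common) > len(best_common):
                best, best_common = idx, common
        # Assumed threshold: the LCS must cover at least half of the new line.
        # A lower value would merge distinct event types into one template.
        if best is not None and 2 * len(best_common) >= len(tokens):
            self.templates[best] = merge(self.templates[best], best_common)
            return best
        self.templates.append(tokens)
        return len(self.templates) - 1

# Constructed sample lines (not from the thesis data sets).
SAMPLE = [
    "Accepted password for alice from 10.0.0.5 port 50122",
    "Accepted password for bob from 10.0.0.9 port 41877",
    "Failed password for invalid user admin from 10.0.0.7 port 39920",
    "Failed password for invalid user test from 10.0.0.8 port 40211",
    "Connection closed by 10.0.0.5",
]
```

The sequence of template ids returned by `parse` is the kind of event sequence a sequence model such as the LSTM/GRU autoencoder described above would consume.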