| With the rapid development of technologies such as artificial intelligence and big data, traditional passive defense technologies for network security, such as data encryption and identity authentication, can no longer fully resist intelligent, complex and diversified network attacks. When a network attack successfully breaks through the passive defense measures, it causes fatal harm to the information system. To address these problems, this thesis studies active defense technologies for network security with intrusion detection and strategy decision-making as the core, so as to realize a three-stage online active defense for information systems: real-time detection, vulnerability assessment, and strategy decision-making. To address the problems of current intrusion detection technology, this thesis proposes two intrusion detection methods that combine a swarm intelligence optimization algorithm with machine learning algorithms. Firstly, the data dimensions are compressed with a stacked sparse autoencoder to form a new feature subset; then chaotic mapping and random walk are used to optimize the sparrow search algorithm, improving its search and exploitation abilities; finally, the improved sparrow search algorithm is used to optimize the support vector machine and the extreme learning machine respectively, yielding two intrusion detection methods that improve the anomaly detection effect. To address the adversarial relationship between attacker and defender in the network, this thesis combines a game model with reinforcement learning to propose a decision-making method for network security defense strategy. Firstly, a vulnerability assessment model based on the attack graph and the Common Vulnerability Scoring System is proposed to reduce the complexity of the game model; then the network attack and defense problem is modeled as a multi-stage stochastic game; finally, the reinforcement learning Minimax-Q algorithm is introduced to decide the network defense strategy. The algorithm can converge to the optimal defense strategy after multiple rounds of learning, so that the impact of both risk and resources in the defense process is taken into account. Multiple sets of comparative experiments show that the two intrusion detection methods proposed in this thesis achieve better detection results than traditional machine learning algorithms in the classification tasks on the two data sets NSL-KDD and UNSW-NB15, and effectively improve the detection speed of the original algorithm. At the same time, the defense strategy decision method proposed in this thesis, which combines a game model with reinforcement learning, can successfully predict most of the attack intentions in network offense and defense, and has a higher defense winning rate than other methods when facing rational attackers. Compared with related work, the method proposed in this thesis is more suitable for real and complex network environments. Therefore, the research work of this thesis has guiding significance and practical value for strengthening the construction of cyberspace security. |