
Research On Network Intrusion Detection Method Based On Transfer Learning

Posted on: 2023-07-20
Degree: Master
Type: Thesis
Country: China
Candidate: C J Pei
Full Text: PDF
GTID: 2568307043488634
Subject: Software engineering
Abstract/Summary:
Nowadays, the operation of various industries and people's daily lives enjoy the convenience brought by the Internet, but at the same time, various network intrusion behaviors trouble network users. Network intrusion can bring great threats and losses to network users, so how to provide people with a safe network environment is an urgent problem to be solved. A network intrusion detection system is an important barrier for ensuring network security. Traditional network intrusion detection methods are unable to cope with the current complex network environment. At the same time, network intrusion detection methods based on machine learning have gradually become a research hotspot in academia due to their advantages of intelligence and automation. Therefore, combining the characteristics of network intrusion detection with the development of machine learning technology, this thesis conducts research from the following two aspects:

(1) To address the problem that the distributions of historical intrusion data and current intrusion data may differ considerably in the field of network intrusion detection, the idea of transfer learning is introduced, and a network intrusion detection method based on Iterative and Weighted Easy Transfer Learning (IWEasyTL) is given. EasyTL is an existing transfer learning algorithm, and the given algorithm IWEasyTL is built on it. IWEasyTL first obtains pseudo labels for the target domain with the EasyTL algorithm, then uses the random forest algorithm to obtain feature importance with the help of the pseudo labels, and finally integrates the obtained feature importance into the label prediction process of the target domain, thus obtaining a more accurate transfer classifier model. The given algorithm can overcome the data distribution differences well and achieves high intrusion detection performance. On the multi-group transfer tasks constructed from the KDD99 dataset, the average F1 score of our method is as high as 99.69%, which is 36.05% to 39.75% higher than that of classical methods such as naive Bayes and random forest, and also higher than the average F1 score of the EasyTL method.

(2) To address the situation in which the original labeled intrusion data and the new intrusion data to be predicted lie in different feature spaces, a neural network framework that combines adversarial learning and heterogeneous transfer is studied. The framework consists of four parts: a source domain feature encoder, a target domain feature encoder, a shared classifier, and a domain discriminator. The main idea of the studied algorithm is that, for effective transfer from the source domain to the target domain, predictions must be made based on features that cannot discriminate between the source and target domains; that is, the domain discriminator cannot tell whether a transformed feature comes from the source domain or the target domain. At the same time, a shared classifier is learned for classifying the transformed data of both the source and target domains. The network is trained using backpropagation and stochastic gradient descent. In this algorithm, the feature encoders and the domain discriminator are trained in an adversarial manner: the domain discriminator is trained to better distinguish whether a transformed feature comes from the source domain or the target domain, while the feature encoders are trained to fool the domain discriminator. In addition, an active learning method is combined with the above network to improve the prediction performance of the algorithm on unlabeled data. On the multi-group heterogeneous transfer tasks constructed from the KDD99, UNSW-NB15, and CIC-IDS-2017 datasets, when there are only a very small number of labeled samples in the target domain, there is a case where the accuracy achieved by a BP neural network, which cannot utilize heterogeneous source domain data, is only 26.16%, but under the same setting, with the help of heterogeneous source domain knowledge, the studied algorithm can achieve an accuracy of 50.86%, which is 24.7% higher than that of the BP neural network. At the same time, the introduction of active learning can further improve the performance of the model.
Keywords/Search Tags: Network Intrusion Detection, Transfer Learning, Adversarial Learning, Neural Network, Cross-domain Learning