Research On Network Intrusion Detection Method Based On Hybrid Deep Learning Model

With the widespread use of Internet technology,ensuring the confidentiality of important data has become a major challenge.Network intrusion detection has become an effective means of protection against network attacks by combining with current state-ofthe-art technologies to protect computer networks from ongoing network intrusions or illegal accesses that have already occurred.However,some existing network intrusion detection methods still suffer from low accuracy of multi-category detection,incomplete feature information extraction/learning,low detection rate of rare attacks,and low detection efficiency.To address the above problems,this paper conducts research on network intrusion detection methods based on hybrid deep learning models,as follows.(1)Aiming at the problems that the current network intrusion detection methods are not enough to learn the global and local correlation feature information of network intrusion data,and the accuracy of multi-classification detection is low,a network intrusion detection method based on SA-BTCN is proposed.Firstly,a two-layer time convolutional network(BTCN)is built to extract deep-level features from the input data;then a self-attention(SA)mechanism is added to compensate for the problem that the TCN does not extract enough global feature information from the network intrusion data due to the small sensory field,so that the local and global feature information of the network intrusion data can be effectively learned.The experimental results show that the method can achieve better detection results.(2)Aiming at the problems of incomplete feature information extraction and low accuracy of multi-classification detection in current network intrusion detection methods,a network intrusion detection method based on CNN-BiLSTM-XGBoost is proposed.Firstly,a network structure CNN-BiLSTM based on the combination of convolutional neural network and bidirectional long short-term memory network is established to extract the spatial and the temporal features of network intrusion data.Then,the concatenate layer used to fuse the two features.the traditional fully connected layer is replaced by extreme gradient boosting(XGBoost)to obtain the feature information from the input layer to the fusion Finally,XGBoost is used to replace the traditional fully connected layer to obtain the feature information from the input layer to the fused layer for classification.The experimental results show that the method can achieve high detection accuracy.(3)Aiming at the problems of low detection rate of rare attacks and long training and testing cycle of current network intrusion methods,a hybrid network intrusion detection method based on unbalance of multi-classification data is proposed.First,the K-Means algorithm is used to achieve random sampling of multi-class samples;then the SMOTE algorithm is used to oversample the rare attack samples to obtain balanced data samples;finally,the information gain(IG)is used to select important features to obtain the optimal subset of samples.The sample subsets are input into the network intrusion detection methods proposed in(1)and(2)respectively for experiments,and the comparison results show that the method can effectively improve the detection accuracy of rare attack samples,while having a low training time and improving the efficiency of network intrusion detection.To sum up,in view of the problems existing in the current network intrusion detection methods,this paper proposes three solutions,which can more comprehensively extract/learn the characteristic information of network intrusion data,effectively improve the detection rate of rare attack samples,obtain a higher multi-classification detection accuracy,and improve the detection efficiency.