
Research On The Intelligent Network Security Defense Technology

Posted on: 2024-08-28
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z Zhang
Full Text: PDF
GTID: 1528306944456854
Subject: Electronic Science and Technology

Abstract/Summary:
The advancement of the Internet of Things (IoT), big data, cloud computing, and intelligent terminals has resulted in a highly complex network environment with constantly evolving cyber threats. To ensure the security of cyberspace and facilitate the growth of the national digital economy, it is imperative to develop intelligent network security defense technology and implement real-time, effective detection of network intrusions. Over the past decade, the artificial intelligence technologies embodied by deep learning have made significant advances in the field of network intrusion detection. These technologies have improved the intelligence level of network security defense technology and enabled faster and more effective detection of network threats. Despite these advances, malicious attackers have also evolved their attack technology, resulting in new attack surfaces and an increasing number of attacks that often exceed the processing capability and perception range of existing network security defense systems. The resulting challenges include the lack of adaptive defense capability against unknown attacks and new threats, poor scalability in large-scale distributed networks, and the lack of robustness against poisoning attacks. Therefore, to overcome these challenges in practical scenarios, this paper studies intelligent network security defense technology built on deep learning-based network intrusion detection. The goal is to enhance the adaptability, scalability, and robustness of network security defense technology. The main work of this paper is as follows:

Firstly, an open-set classification-based unknown attack detection and adaptive defense scheme is proposed. Existing deep learning-based network intrusion detection algorithms have insufficient ability to process unknown attacks and lack adaptive defense ability against them. To address this challenge, this paper first proposes an unknown attack detection algorithm based on the open-set classification network (OCN). OCN designs two novel training loss functions, Fisher loss and Maximum Mean Discrepancy loss, which enable fine-grained recognition of known classes and effective detection of unknown attacks. Then, this paper proposes an unknown attack discovery algorithm based on embedding clustering, to proactively discover hidden unknown attacks among all unknown instances detected by OCN. Finally, this paper proposes an adaptive updating algorithm for the unknown attack detection model based on class incremental learning, which realizes adaptive defense against newly discovered unknown attacks by efficiently updating the classifier. Extensive experimental results demonstrate that the proposed scheme achieves unknown attack detection accuracies above 90%, and also verify the feasibility of the adaptive defense against unknown attacks.

Secondly, a federated continual learning-based distributed intrusion detection system is proposed. Given the large-scale and distributed nature of IoT, this paper designs a distributed intrusion detection system based on federated continual learning to protect the security of IoT. It enables the collaborative training of the global intrusion detection model while preserving data privacy. Firstly, because massive numbers of heterogeneous IoT devices are connected, the collected distributed training traffic data may be non-independent and identically distributed (Non-IID) across devices, which degrades the performance of federated learning. Thus, this paper proposes federated continual learning to improve the performance of the distributed intrusion detection system on Non-IID traffic data. Secondly, owing to the limited communication bandwidth of IoT devices, this paper proposes the bidirectional compression and error compensation (BCEC) algorithm to reduce the uplink and downlink communication overheads. The BCEC algorithm also locally compensates the bidirectional compression errors to ensure the convergence performance of training. Experimental results demonstrate that the proposed federated continual learning method can boost the detection performance by up to 46% with Non-IID data while dramatically reducing the communication overheads.

Thirdly, a two-tier defense mechanism against poisoning attacks on the distributed intrusion detection system is proposed. Because federated learning-based distributed intrusion detection systems are inherently vulnerable to poisoning attacks launched by malicious clients, this paper designs a two-tier defense mechanism to enhance their robustness, consisting of a model-level defense mechanism and a data-level defense mechanism. Firstly, the model-level defense mechanism based on poisoned model detection is proposed. Specifically, this paper proposes a gradient-aware important model parameter selection method and an online unsupervised poisoned model detection method to effectively identify the poisoned models and reject them from joining the global intrusion detection model aggregation. This approach mitigates the negative effect of the poisoning attacks. Secondly, on the basis of the model-level defense, the data-level defense mechanism based on poisoned data detection is proposed. Concretely, this paper proposes a class path extraction method based on layer-wise relevance propagation and a poisoned data detection method based on class path similarity to filter out the poisoned traffic data effectively. The remaining clean traffic data is then used in the subsequent local training, further enhancing the defense ability against poisoning attacks. Experimental results reveal that, when poisoning attacks are launched under Non-IID traffic data settings, the model-level defense mechanism improves the performance of the distributed intrusion detection system by 36% and the data-level defense mechanism further improves the performance by 13%.

Fourthly, an evolutionary distributed intrusion detection method for dynamic environments is proposed. The deployment environment of existing distributed network security defense systems is complex and dynamic, which poses challenges for their continuous adaptivity to new network attacks. To overcome this limitation, this paper proposes an evolutionary distributed intrusion detection method based on federated continual representation learning. This method designs a supervised contrastive loss, based on the current traffic data stream and memory replay data, and a global information-aware regularization loss to jointly optimize the local embedding network. This strategy facilitates effective feature representation learning from dynamic traffic flows across clients, enabling continuous learning of new attacks while maintaining the ability to discriminate previously encountered attacks. Additionally, a federated aggregation method for global intrusion detection is designed to enable the global intrusion detection model to identify all attacks encountered by all clients, thereby enhancing the global defense capability against new attacks. This paper also proposes a prototype variance-based memory update strategy to keep the memory replay data effective with limited memory size. Experimental results indicate that the proposed federated continual representation learning method outperforms the state-of-the-art dynamic federated learning methods by 13.3%-31.5% in terms of average accuracy.
Keywords/Search Tags:Network Security Defense, Intrusion Detection, Deep Learning, Intelligence