Modern network security technology is a critical technology in the development strategy of the "Industry 4.0" digital intelligent network + application and the "Made in China 2050" intelligent manufacturing major project, and it also holds a significant position in the national "14th Five-Year Plan". The global network security situation remains severe amid a complex and changing international situation, the rapid change brought by a new round of scientific, technological and industrial revolution, and the intertwined, superimposed risks of the COVID-19 epidemic. Cyber security threat events occur frequently in critical industries and in new technologies and new scenarios, forcing a deepening of infrastructure security construction and a strengthening of security risk prevention for new technologies and applications. China's digital economy has entered a new stage of deepening development, in which it must address the new situation and cyber security challenges. It is therefore necessary to study cutting-edge technologies such as model architecture, feature self-learning, deep learning detection, and dynamic adaptive analysis methods for cyber security intrusion detection.

The thesis addresses machine learning-related techniques in network intrusion/attack detection methods, starting from network intrusion detection model theory, IoT, and wireless sensor network intrusion detection techniques. The theoretical research and experiments are conducted using a combination of machine learning methods, deep learning feature theory, and ensemble learning models, and the usability of the proposed methods for intrusion detection in modern network environments is fully verified. The research focuses on several critical issues of machine learning-based intrusion detection: recurrent neural network feature selection, semi-supervised deep learning IoT intrusion detection, self-learning intrusion detection in wireless sensor networks, and adaptive learning intrusion detection. The specific research work is as follows.

1. The detection model scans the network to determine the presence of intrusion activity or security vulnerabilities, and detects intrusions by looking for features of known attacks or deviations from regular activity. Intrusion detection systems need to examine features extracted from raw network data, even for small networks. In addition, most of the extracted data will be noisy, producing irrelevant features that degrade the performance of the classifier. It is therefore essential to select data using a dimensionality reduction algorithm. To address these issues, a deep learning method for detecting attacks based on long short-term memory (LSTM) is proposed, invoking principal component analysis (PCA) and mutual information for dimensionality reduction and feature selection. The proposed intrusion detection method was evaluated on the KDD CUP'99 data. The results show that the deep learning and PCA-based intrusion detection method achieves better training and testing accuracy in binary and multi-feature classification.

2. The extensive traffic data of the IoT provides a data foundation for studying IoT intrusion detection techniques. Labelling IoT traffic features requires much work, and the number of labelled records is small, which increases the difficulty of identifying attacks and intrusions. To address these problems, a network learning algorithm is proposed that is built on semi-supervised deep learning theory and combined with an intrusion detection method for IoT data features, fine-tuning the learned spatio-temporal representation by multi-scale residual temporal convolution. A traffic attention mechanism is applied to estimate the importance scores of features, helping the model focus on the critical information of the target. The algorithm is integrated into the IoT intrusion detection method to provide efficient real-time intrusion detection. Finally, experiments on two datasets (CIC-IDS2017, CIC-IDS2018) show that the algorithm improves the efficiency of intrusion detection and maintains computational efficiency while improving the algorithm's robustness.

3. The study of automated machine learning theory helps in rapid intrusion detection and attack prevention in wireless sensor networks. Currently, the performance of automated machine learning models is driven by the hyperparameters used to learn from or train on the data, and accurate prediction can be achieved by optimizing or tuning the hyperparameters with multiple methods. However, manual selection of optimal hyperparameters requires personnel with high expertise, resulting in inconsistent hyperparameter optimization. To address these problems, an automatic machine learning model was introduced to select the optimal hyperparameters, and four synthetic predictors were extracted using Monte Carlo simulation. The process regression performed well, with a correlation coefficient (R = 1), root mean square error (RMSE = 0.007), and bias of -0.006, outperforming other automated machine learning models. In addition, the model was tested on a publicly available sensor intrusion detection dataset, and very satisfactory results were obtained.

4. While feature-based intrusion detection techniques raise attack alerts based on the characteristic patterns of known attacks, anomaly-based intrusion detection techniques are highly efficient at detecting new or unknown attacks. In a dynamically changing and non-uniform network environment, inappropriate initialization parameters can produce poor clustering results and affect the generation of a standard or attack pattern library. To address these problems, a Gaussian mixture clustering method is used to learn the network connection patterns of normal and abnormal attack behaviors, and a genetic algorithm-based global optimal Gaussian mixture model learning method is proposed, which can perform pattern learning of normal and attack network behaviors in a simplified data attribute space. The experimental results show that the adaptive network intrusion detection method is more effective and superior in intrusion detection, providing a theoretical basis for the widespread application of more complex and realistic network security monitoring.
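
The mutual-information feature selection step described in item 1, as an added example (not code from the thesis): it scores each discretised feature of constructed KDD-style connection records against the label and drops the features that carry no information about it. The record generator, the feature names, and the 0.05-bit threshold are assumptions made for illustration; the PCA and LSTM stages are not shown.

```python
import math
import random
from collections import Counter

def mutual_information(xs, ys):
    """I(X;Y) in bits for two equal-length sequences of discrete values."""
    n = len(xs)
    px, py, pxy = Counter(xs), Counter(ys), Counter(zip(xs, ys))
    # Sum over observed (x, y) pairs of p(x,y) * log2(p(x,y) / (p(x) p(y))).
    return sum((c / n) * math.log2(c * n / (px[x] * py[y]))
               for (x, y), c in pxy.items())

def rank_features(records, labels, names):
    """Return (name, MI) pairs sorted from most to least informative."""
    scores = [(name, mutual_information([r[i] for r in records], labels))
              for i, name in enumerate(names)]
    return sorted(scores, key=lambda s: s[1], reverse=True)

def select_features(records, labels, names, threshold=0.05):
    """Keep features whose MI with the label exceeds threshold (assumed value)."""
    return [name for name, mi in rank_features(records, labels, names)
            if mi > threshold]

# Hypothetical feature names for the constructed records below.
NAMES = ["flag", "count_bucket", "noise_id"]

def make_records(n=2000, seed=7):
    """Constructed sample data: two label-dependent features and one noise feature."""
    rng = random.Random(seed)
    records, labels = [], []
    for _ in range(n):
        attack = rng.random() < 0.3
        # Half-open connection state is far more common in the attack class.
        flag = "S0" if rng.random() < (0.8 if attack else 0.05) else "SF"
        # Bucketed count of recent connections to the same host.
        count = "high" if rng.random() < (0.7 if attack else 0.1) else "low"
        # Drawn independently of the label: the irrelevant feature to remove.
        noise = rng.choice(["a", "b", "c", "d"])
        records.append((flag, count, noise))
        labels.append("attack" if attack else "normal")
    return records, labels

if __name__ == "__main__":
    recs, labs = make_records()
    for name, mi in rank_features(recs, labs, NAMES):
        print(f"{name:13s} {mi:.4f} bits")
    print("selected:", select_features(recs, labs, NAMES))
```

Continuous features such as byte counts would need to be binned before scoring in this way, since the estimator above works on discrete values only.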