Research On Intrusion Detection For Network Traffic Data Based On Machine Learning

With the rapid development of computer and network technology,and the use of a large number of security devices and diverse data collection technologies,the Internet has become an important infrastructure for carrying massive amounts of high-dimensional data.While it brings great convenience to human production and life,it also makes the network security situation increasingly serious.Intrusion detection systems have become an integral part of cyberspace security by analyzing relevant network data to generate security policies and detect intrusion attacks timely.However,with the continuous growth of data dimensions and the explosive increase of data volume,traditional intrusion detection methods face practical problems such as increased time complexity and reduced detection rates.In response to the advantages of machine learning in effectively processing massive high-dimensional data,in-depth research has been conducted on the application of machine learning in intrusion and attack detection,and certain innovative results have been achieved.The main research works are as follows.Firstly,to address the problem that existing intrusion detection methods split the process of dimensionality reduction of high-dimensional feature attributes and the subsequent classification process,which leads to the mutual influence of detection performance index and time complexity of the system and makes it difficult to balance the comprehensive performance of the system,a multi-classification neural network intrusion detection method based on the combination of PCA and Softmax regression model is proposed.The method considers PCA as a single-layer neural network and cascades it with the Softmax regression model to build a three-layer neural network for intrusion detection.In particular,the concept of convergence speed Gamma is proposed in the method,and the value of p is automatically obtained according to the Gamma value,so as to minimize the impact of manual intervention on the system performance.It solves the superposition of data error in the dimensionality reduction process and classification accuracy error in the classification process to impact on the overall performance of the system and the difficulty of balancing the performance index and time complexity.Through experiments and comparison of other methods,it is verified that the proposed method has good detection effect and efficiency.Secondly,to address the problem of low detection rate in the learning process of attack categories with small sample size caused by the imbalance between attack data and normal data in intrusion detection,a high-dimensional outlier mining intrusion detection method based on the maximum frequent pattern frequency factor is proposed.Based on the analysis of high-dimensional outlier mining,the method introduces the concept of maximum frequent patterns in association rules,transforms mining complete frequent patterns into the problem of mining maximum frequent patterns.Outlier data is obtained by the high-dimensional outlier mining algorithm based on the maximum frequent pattern frequency factor,and intrusion detection patterns are constructed by analyzing on the outlier data with association analysis.The method solves the problem that complete frequent pattern mining is difficult to achieve,and the time complexity is high caused by the number of complete frequent patterns is much larger than the maximum frequent patterns.Through experiments and comparison of other methods,the effectiveness of the proposed method is demonstrated,and it has good performance in terms of both accuracy and time complexity.Thirdly,DDo S attack is a kind of large-scale attack with high damage,wide distribution and high degree of coordination.To address the problem that the combination strategy of relative majority voting mechanism in DDo S attack detection ensemble learning can only randomly select classification when the highest vote is not unique,a DDo S attack detection method based on ensemble learning considering the detection rate of base classifiers is proposed.In the method,PCA algorithm is used for feature extraction,Softmax regression,XGBoost algorithm and GRU neural network are used as the base-classifier of Stacking ensemble learning,and the relative majority voting mechanism considering the detection rate of the base-classifier is used as the meta-classifier.The method solves the problem that the classification accuracy is reduced when the highest vote is not unique in the combination strategy of relative majority voting mechanism.The experiments show that the proposed method,whether for binary classification learning or multi-classification learning,has excellent performance in all evaluation metrics,which verifies the effectiveness and applicability of the proposed method for DDo S attack detection.