Modern society is increasingly dependent on computer networks, and network security threats are constantly evolving. Network intrusion is a widespread threat that may lead to sensitive information leakage, system interruption, service interruption, and potential financial losses. Research on and application of network intrusion detection can uncover malicious activity early, helping organizations take appropriate measures to reduce potential risks. In addition, compliance regulations require many organizations to take effective network intrusion detection measures to protect customer data and sensitive information. Studying network intrusion detection not only helps to improve network security, but also helps maintain the reputation of the organization, ensure business continuity, and meet regulatory and compliance requirements. Network intrusion detection therefore plays an important role in today's digital age.

Modern networks carry many types of communication protocols, services and applications, and each may become a potential attack target. To effectively identify and prevent the various types of network intrusion, a large number of characteristics need to be considered, including traffic patterns, protocols, packet content and other aspects, resulting in high-dimensional network traffic. In addition, intrusion incidents account for a relatively small share of real network traffic, while normal traffic accounts for the vast majority. There are many types and methods of network intrusion, and each intrusion may have different characteristics and influence, which makes the differences between normal traffic and abnormal traffic more significant. As a result, network traffic exhibits decision-making bias. At the same time, with the rapid development of the Internet, there are a large number of devices, applications and services on the Internet, with hundreds of millions of devices, including computers, smartphones, and IoT devices, connected to the network. This huge network scale produces huge amounts of communication and data transmission. As a result, network traffic is large in scale.

Focusing on the above problems and challenges, this thesis proposes network intrusion detection based on multi-target integration and multi-strategy collaboration to achieve self-weighting, self-organizing, and interpretable detection strategies. The main research is as follows.

(1) A model-particle collaborative surrogate-assisted feature reduction algorithm (SAFE) is proposed, in which the model and the particles cooperate to optimize over high-dimensional complex spaces. Specifically, the surrogate model is first used to solve the high-dimensional combinatorial optimization problem in attribute reduction, reducing computational complexity. A model-oriented optimization mechanism is then proposed to compensate for the error between the surrogate model and the complex problem and to correct the effective solutions, improving overall solution quality. Next, dynamic optimization emerges through the particles, and the linear relationship between effective solutions and the surrogate model emerges with less local dependence, which drives solutions to jump out of local optima and enhances the overall ability. Finally, the model-oriented mechanism collaborates with the particle emergence, starting from the surrogate model and the particles, to enhance the quality of the feature subset in network intrusion detection.

(2) Systematically adaptive forest evolution ensemble rules (SAFER) are proposed, which establish a self-organized generalized ensemble model through interaction feedback between the reduction trees and the reduction forest. Specifically, multiple feature subsets of network traffic are used to build a variety of reduction trees, reducing the space complexity of the ensemble model. Diversity and weight measures for the reduction trees are then proposed: a match-elimination algorithm is applied to accurately describe the diversity of the reduction trees, and the characteristics of the features in each feature subset are used to build the weight of each reduction tree. Through diversity and weight, the interdependent reduction trees form a competitive relationship that achieves independent evolution of the reduction trees. Finally, through an incremental formation method, the ensemble reduction forest and the reduction trees interact dynamically and adaptively build a lightweight ensemble model, realizing the co-evolution of the base classifiers and the ensemble model.

(3) A multi-branch enhancement explainable deep forest for network intrusion detection (MEED) is proposed, which uses the systematically adaptive forest evolution ensemble rules to build an end-to-end architecture, establish a deep forest, and explain the decision process. Specifically, on the basis of the ensemble reduction forest, the complete decision-making branch structure is extracted to ensure that the branches have high diversity and weight. Multi-branch fusion strategies are then applied end to end to realize the dynamic integration of the rules and the transformation of the ensemble reduction forest into a deep forest. The retained rules are explainable, effectively expand the decision boundary, and enhance the learning ability of the model. Finally, the stability and coverage of deep forest rules are defined, so that explanatory rules can be extracted from the converged deep model, visualizing the decision-making process of network intrusion detection and providing reliable and interpretable rules for decision-making.

In summary, the research presented in this paper focuses on the integration of multiple strategies for collaborative network intrusion detection. The objectives primarily revolve around solving high-dimensional complex spaces, constructing self-organizing generalized models, and enhancing decision interpretability. The strategies SAFE, SAFER, and MEED are proposed to address these goals. Additionally, SAFE influences SAFER, and SAFER provides the underlying framework for MEED. These three strategies collaborate with each other to collectively achieve a reliable and trustworthy network intrusion detection system. This contributes to the enhancement of real-time response, intrusion detection rates, and detection determinism in network intrusion detection.