Research On Key Techniques Of Network Intrusion Detection Based On Learning To Hash

With the continuous attention to network security,people have taken network intrusion detection as one of the main technologies to maintain network security,and also an important countermeasure to protect computing infrastructure from malicious attacks.Intrusion detection system is a software or hardware component,which is used to monitor computer systems and analyze the events in order to find the signs of intrusion.At present,the commonly used intrusion detection technologies include: model-based technology,machine learning technology,data mining technology.The intrusion detection technology based on machine learning is a hotspot of current research.But the current network attack traffic is abundant so that data gathering is more difficult,causing it difficult to retrain the model for each abnormal traffic.In this paper,a new idea is proposed.Learning to hash technique is applied to the field of network intrusion detection,and it is combined with the KNN classification algorithm to solve the problem that the existing intrusion detection methods need to consume a lot of resources and computing power to train classifiers,and need to repeat training classifiers to detect unknown classes.The main work of this paper includes the following two aspects:(1)This paper proposes an intrusion detection framework based on learning to hash,which consists of online real-time data gathering,network data preprocessing,hash coding,anomaly detection and classification,output of detection results modules.The detection effect of the intrusion detection method is evaluated based on NSL-KDD intrusion dataset,and compares it with KNN intrusion detection and classification experiments.(2)In order to further improve the time performance of our method,an optimization scheme is proposed.It combines the multi-index hashing for fast and accurate search in Hamming space to continue to accelerate the rate of intrusion detection.The classification time is only 1/400 th of directly using KNN classification algorithm for intrusion detection.In addition,in order to further improve the detection effect,two optimization schemes are proposed.The first one introduces a classification module based on data distribution ratio,which solves the problem that the detection effect is not very good because of the unbalanced distribution of normal and abnormal traffic data.The second one introduces a multiple RBA hash coding module based on distributed training.The idea of distributed training avoidssingle point failure,performance bottlenecks and other issues,as well as offsets the randomness of centralized training for the entire training set.Finally,it improves the detection effect and the stability of the whole intrusion detection system.The validation experiments in this paper are based on NSL-KDD dataset to evaluate the detection effect of intrusion detection methods.The experimental results show that the intrusion detection method based on learning to hash proposed in this paper is an effective network intrusion detection method.