An Intrusion Detection Model Based On SAE-BALSTM

With continuous innovation and development of internet technology,it brings huge convenience to people's daily life,work and study.With the characteristics of openness,sharing and diversity,the problem of network security becomes more and more serious,and the cyber attacks also happen frequently.Network security is not only related to the benefits of individuals or enterprises,but also related to national security.Intrusion detection system(IDS)plays an important role of maintaining network security.It can actively detect the potential intrusion behavior in the network and has been deeply concerned by the majority of researchers.Today's network data is characterized by large quantities of high-dimensional data,while traditional intrusion detection models are learned by rule matching or classification and clustering algorithms,which rely on feature selection and extraction,and the traditional model in the detection rate,false alarm rate are difficult to meet the requirements of today's network environment.In addition,there is imbalance in the data of intrusion detection system,which makes the detection results tend to be biased..In recent years,deep learning technology has emerged rapidly and been widely used in various fields.In this paper,deep learning technology is introduced into intrusion detection model to solve some problems in the traditional model.The main work of this paper is as follows:(1)Aiming at the imbalance of data samples,this paper adopts Smote-Tomek combined sampling method to reduce the imbalance of data samples,improve the detection ability of the model for a small number of sample categories,and carry out experimental verification.(2)Aiming at the problem of high data dimension and high cost of acquiring large amount of labeled data,this paper proposes an intrusion detection model based on stack autoencoder,which can automatically extract features from large amount of unlabeled data and reduce dimensions,get the representative deep feature representation.In addition,the problem of fitting was solved through batch standardization and early stop mechanism,and experiments were conducted on the UNSW-NB15 Dataset.(3)Aiming at the problem that bidirectional short-and long-term memory networks lack the ability to select important features,an d long-short term memory network with attention is proposed.And a new intrusion detection model is proposed based on it,which takes the data extracted by stack autoencode as the input data of the network model.The model can not only mine the relationship between the context information and the current information,but also pay attention to the important features.The experimental results of the UNSW-NB15 data set show that the detection rate and false alarm rate of the model are improved compared with other models,and the validity of the model is verified.