Research On Intrusion Detection System Of High Speed Traffic Network Based On Machine Learning

As the high-speed development of the network brings convenience to people,its own vulnerability also provides the opportunity for hackers and malicious attackers to invade.And the increasing complexity and diversification of the intrusion attack means the higher requirements for the cyberspace security.As the direct carrier of network attack,network traffic contains a large number of network behavior characteristics,which provides data support for the design of threat intelligence analysis,intrusion detection and other systems.To improve the existing intrusion detection methods through network traffic analysis,based on deep learning and other machine learning algorithms,on the one hand,it improves the feedback mechanism at the sampling level to reduce the calculation burden and increase the entropy sensitivity.On other hand,it improves the existing traffic feature set construction mode at the traffic feature level to reduce its acquisition time and increase the detection accuracy both under the camouflage protocol Increase and the small sample conditions.Firstly,taking flow as the basic unit of flow processing,the current "sampling feedback" mechanism with high computational burden is improved.By analyzing the clustering and period dividing of flow,the feedback mechanism of high-speed flow intrusion detection is designed.The centralized feedback is improved to the decentralized feedback,which makes the feedback node more suitable for the flow law,reduces the flow scale to be detected in the system,and reduces the overall calculation.The calculation burden increases the sensitivity of the system to the traffic entropy value when the attack occurs.Secondly,a new traffic feature representation method "port interaction mode mapping in the link layer" is designed to replace the existing traffic feature set.A quantitative representation of the new features is defined.The session is regarded as a time series,and the coherence of long session and short session is analyzed by autocorrelation graph.The 4-D time series feature is transformed into high-dimensional feature by phase space reconstruction,and the delay time and embedding dimension of phase space reconstruction are determined by interactive information method and false nearest neighbor method respectively.Finally,the effectiveness of the proposed feature representation method is proved by the visualization of high-dimensional feature.Thirdly,based on the improved feature set,a multi model evaluation mechanism is designed to classify the sessions to achieve the effect of intrusion detection.By designing a multi model deep network comprehensive evaluation mechanism based on one-dimensional convolution network and long-term memory network,the session is mapped into three-dimensional model space,and finally the abnormal traffic classification is completed by the pre trained support vector machine.The comparison experiment shows that the proposed method reduces the feature acquisition time of the existing method,and improves the accuracy of the test for both data camouflage and small sample situation.