Research On Network Intrusion Detection Algorithm Based On Statistical Analysis And Incremental Learning

With the rapid development of computer and Internet and the advent of the Big data,network security has become an important issue.At present,the number of network attacks is increasing,and the types of attacks have a diversified tendency,which seriously affects users’ work and study,personal privacy,property security and other aspects.Therefore,intrusion detection,as one of the defense lines of network security,has become a focus for relevant researchers at home and abroad.This thesis focuses on intrusion detection research from two perspectives of correlation analysis in statistical analysis and incremental learning respectively,and the main work is summarized as follows:1.Nowadays Internet contains a large amount of high-dimensional data which brings more and more difficulties for intrusion detection,so an intrusion detection method based on correlation analysis is proposed.Firstly,the correlation analysis of different features is performed using the cross tabs to initially filtrate the features of the dataset,then the feature redundancy is introduced to optimize the recursive feature elimination algorithm based on random forest to obtain a strongly correlated and low redundant feature subset.Finally,the correlation between different features within each sample is analyzed using the multivariate correlation analysis method to discover the difference between the normal traffic and abnormal traffic Finally,we use multivariate correlation analysis to analyze the correlation between different features within each sample to discover the difference in the internal relationship between sample and sample,and propose a method to construct a sample feature metric matrix to calculate the cosine distance between the sample and the vectors in the feature metric matrix,so as to determine whether the new data belongs to the attack type.The results of comparison experiments on the NSL-KDD dataset show that show that the algorithm is improved by 4.9% on average,the recall is improved by 3.5% on average,and the F-measure is improved by 5.0% on average,which can indicate the proposed method is significantly better than that of the comparison algorithm.2.Most current internet intrusion detection methods are poorly adaptive,so an incremental intrusion detection method based on probabilistic neural networks is proposed,which firstly introduces the probability into self-organizing incremental neural networks,defines probability membership as the criterion of classification to obtain an unsupervised incremental competitive learning network which can get the prototype vector of data distribution.Secondly,the prototype vector is used as the sample layer of the PNN to construct a incremental learning network for intrusion detection research to complete the learning of new contents while detecting without affecting the previous learning results.Then comparing with machine learning algorithms and neural network methods used for intrusion detection,the experimental results show that the proposed algorithm has significantly better recall on sparse attack types than the comparison algorithms.the recall rate of U2 R was 56.7% and the recall rate of R2 L was 85.19%.What’s more,the overall accuracy and recall of the test set are also significantly improved.