| The traffic data in the current network environment is more huge,complex and multidimensional than ever before.In order to capture malicious network attacks from massive data,network intrusion detection system(NIDS)based on machine learning and deep learning has become a mainstream research method,but there is still a high rate of false positives and false negatives in detection.Based on this,this paper mainly focuses on the unbalanced network traffic,and studies how to effectively mine malicious attacks,how to improve the class imbalance learning of network traffic,and how to improve the ability of the model to identify and generalize attack classes,specifically including the following two parts:(1)Aiming at the unbalanced network traffic,a difficult sample sampling algorithm hssa is proposed at the data level to mine malicious network attacks.The core idea is to divide the intrusion training set into difficult set and easy set through the neighborhood editing algorithm,and cluster and compress the multi class samples in the difficult set and enlarge the small class samples.Finally,the sampled difficult set and easy set are combined into a new training set.The experimental results of hssa on classic intrusion data sets nsl-kdd and cse-cic-ids2018 show that it is superior to other sampling methods,and significantly improves the performance of multiple machine learning and deep learning classification models.The average accuracy and F1 index are improved by2.54% and 3.13% respectively.(2)In order to improve the learning of unbalanced network traffic,it is necessary to capture the similarity of samples in different network traffic categories,enhance the mining and analysis of network data flow characteristics,and reduce the false positive rate and false negative rate in the detection process.At the model level,a contrastive learning method called conflow is proposed for network intrusion detection.The core idea is to use the randomness of dropout to input the same traffic into the encoder twice to obtain different vector representations of the same network traffic.In the training phase,the monitoring comparison loss and cross entropy loss are combined.The experimental results of the conflow method on ISCX-IDS2012 and CSE-CIC-IDS2017 data sets show that it is superior to other work,and the performance improvement on small sample learning is more significant.The cross training and testing on different data sets verify its more generalization and robustness.This paper exploits the potential risks in the network environment through difficult sample sampling algorithm and contrastive netflow learning method,and improves the real-time and accuracy of network intrusion detection.It has far-reaching practical significance for constructing intrusion detection with high accuracy and low false positive rate. |
PDF Full Text Request