| Network intrusion detection systems provide information feedback and decision support to users or other network defensive systems by sensing various threats in cyberspace. They are an important means of maintaining the security and stability of the network environment. How to build an efficient, accurate and reliable network intrusion detection model is the core content of related research. Through the investigation and analysis of existing literature and practical engineering experience, it can be seen that network intrusion detection models have the following problems in the phases of data collection, model construction and deployment: (1) Data Collection. The network intrusion detection model faces the problem of insufficient training samples, especially in real scenarios, and existing methods find it difficult to ensure performance under the condition of insufficient samples; (2) Model Construction. The network intrusion detection model faces the problem of high dependency on manual annotation and expert knowledge, and the performance of existing low-dependency methods is poor; (3) Deployment. The network intrusion detection model faces the problem of performance degradation, which is related to the distributional difference caused by network domain shift, and existing methods are not robust to this problem. Based on the above analysis, the main research work of this paper is as follows. 1. Aiming at the problem of insufficient training samples, a method of network security data reinforcement based on the Multi-Class Variational Auto-Encoder (MVAE) is proposed, based on the idea of generative learning. Firstly, the structure of the variational auto-encoder is improved to give it a better ability to generate traffic characteristic data. Then, the distribution is fitted based on a small amount of traffic characteristic data of different network behaviors. Finally, magnitude expansion and class balancing are achieved through random sampling on the distribution, decoding and parameter adjustment. The experiment results show that the reinforced model achieves an accuracy of 95.29% in the evaluation stage, which is better than the detection level of the baseline under the condition of insufficient samples and close to its detection level under the condition of sufficient samples. 2. Aiming at the problem of high dependency on manual annotation, a network intrusion detection method based on contrastive representation learning is proposed, based on the idea of semi-supervised learning. Firstly, Contrastive Representation for Network Data (CRND) is designed according to the idea of contrastive learning; it relies mainly on unannotated data to complete knowledge learning. Then, the Sparse Augment Network (SAN) is designed to generate self-supervised signals to assist CRND training. Finally, the encoder in CRND is used as the feature extractor, a multi-layer perceptron is used as the classifier, and a small amount of annotated data is used to fine-tune the model to recognize intrusions. The experiment results show that the network intrusion detection model based on CRND, fine-tuned with 200 annotated data, outperforms other unsupervised baseline models, with an accuracy of 96.13% on the evaluation data set, and has the ability to keep learning as the amount of fine-tuning data increases. 3. Aiming at the problem of performance degradation in the deployment phase, a network intrusion detection method based on domain confusion is proposed, based on the idea of domain adaptation. In order to improve the robustness of the network intrusion detection model to network domain shift, the Domain Confusion Network (DCN) is designed for feature transformation, where the traffic characteristic data in different network domains are mapped into the same feature space to reduce the impact of domain distribution differences on model performance. Then, an information loss regularization term is proposed to control information loss in the process of feature transformation, to ensure that the transformed features retain enough information for intrusion detection. Finally, the DCN is trained by the adversarial training method and applied to the detection of intrusion behavior. The experiment results show that the network intrusion detection method based on DCN is highly robust to network domain changes, and the detection accuracy on the migration evaluation dataset is increased by 5.07%. |