In today's cybersecurity field, the combination of deep learning and intrusion detection is gaining more and more attention. In the face of massive, high-dimensional network traffic with uneven sample distribution, quickly and accurately detecting anomalous traffic is the primary task of intrusion detection. Based on this, this paper combines deep learning with intrusion detection, using the powerful representation ability of deep learning to solve the above problems. It mainly focuses on reducing the model's dependence on labeled data and optimizing the number of parameters in the intrusion detection model, in order to build a fast and accurate intrusion detection model. The paper's primary contributions are as follows:

(1) Supervised learning methods require a large amount of manually labeled data, and unsupervised learning models generalize poorly. To address these disadvantages, we propose an intrusion detection model based on improved BYOL self-supervised learning, named IBYOL-IDS. With self-supervised learning, the model can be trained without labels: it exploits supervisory information derived from the large-scale unlabeled data itself and is trained with this pseudo-supervisory information to learn highly generalizable and valuable representations of network traffic. The essence of deep learning lies in its powerful representation learning capability. The excellent results obtained in the transfer learning experiments on NSL-KDD, KDD CUP99, CIC IDS2017 and CIDDS-001 demonstrate the strong generalization ability of the self-supervised learning model and the generality of the extracted network traffic feature representations.

(2) Intrusion detection models are mostly deployed on resource-constrained devices, for example devices with limited energy, low computational resources, a poor communication environment, and restricted storage capacity. To address this, we propose a lightweight yet efficient intrusion detection approach based on knowledge distillation and a triplet convolutional neural network, named KD-TCNN. The complexity and computation of the proposed intrusion detection model are reduced in three aspects to achieve more accurate, real-time, and lightweight anomaly detection: feature selection, model compression, and convolutional neural network architecture. We also propose a new K-fold cross training method that uses the idea of pre-training and fine-tuning to enhance the performance of the proposed KD-TCNN. Compared to traditional deep learning approaches and several state-of-the-art models, the KD-TCNN model has significant advantages in all performance metrics on the NSL-KDD and CIC IDS2017 datasets.

(3) Since intrusion detection models are usually deployed on facilities with limited computing power and resources, and malicious traffic samples are difficult to collect, we propose a two-stage lightweight intrusion detection model named CL-SKD, based on self-supervised learning and self-knowledge distillation. It reduces the model's overreliance on labels, optimizes the model's generalization ability, and greatly improves the speed of intrusion detection while reducing the complexity of the model. First, we take advantage of self-supervised contrastive learning, which can train a model without labeled data, to learn feature representations that capture the essence of network traffic. Then, in the second phase, we use self-knowledge distillation to transfer the feature representations learned by the large convolutional neural network to the depthwise separable convolution network. In this paper, we will conduct binary and multi-class classification experiments on the datasets KDD CUP99, NSL-KDD, UNSW-NB15, CIC IDS2017 and CIDDS-001 to fully compare recent state-of-the-art models with our CL-SKD model, so as to prove the powerful generalization ability and excellent anomaly detection capability of the proposed model.