| The rapid development of the network has produced massive data,and also led to complex and diverse forms of network attacks.The existing deep neural network based intrusion detection system is not perfect.In the scenario with available data labels,it is necessary to detect malicious traffic and further identify the specific category.Therefore,this thesis proposes a supervised intrusion detection method based on multi-scale spatial-temporal residual network.In addition,in the real network environment,there may be a problem that obtaining high-quality labelled dataset requires high time cost and professional manual analysis.The traditional unsupervised intrusion detection technologies first reduce the dimensionality and then use clustering analysis or probability density estimation.There is no follow-up analysis guidance during dimensionality reduction,and the key features of the clustering analysis and probability density estimation may be lost.Therefore,this thesis proposes an unsupervised intrusion detection model.In scenario with available data labels,this thesis proposes an intrusion detection model based on the multi-scale spatial-temporal residual network(MS-ST-RNet).Data with large skewness can be transformed with log1 p smoothing to make it more obedient to the Gaussian distribution.Multiple flows are combined as a whole to represent features,then the spatial and temporal features of the data are extracted by multi-scale one-dimensional convolution module and long short-term memory module respectively.Based on the idea of residual network,identity mapping is added to avoid gradient disappearance,gradient explosion and network degradation.In scenario without available data labels,this thesis proposes an unsupervised intrusion detection model based on the stacked sparse autoencoder and improved Gaussian mixture model(SIGMOD).Firstly,the Pearson correlation coefficient is applied to linearly reduce the dimensionality.Secondly,the stacked sparse autoencoder realizes nonlinear dimensionality reduction,which not only reduces the redundant data,but also combines the low-dimensional features from the encoder and the reconstruction error representation from the decoder together as the sample input representation.Thirdly,the parameters of the Gaussian mixture model are estimated using a multi-layer perceptron neural network referred to as an estimation network.Finally,the sample energy evaluation of the Gaussian mixture model is promoted through end-to-end joint optimization.The energy threshold is used to evaluate the anomaly.Finally,the two models proposed in this thesis are evaluated on UNSW_NB15 Dataset.The experimental results of data preprocessing show that log1 p smoothing can optimize data distribution.The results of comparative experiments show that MS-ST-RNet can effectively enhance the representation ability and generalization ability of the model,the performance of evaluation metrics has been significantly improved and it still has a good effect when the number of network layers is deep,which can avoid network degradation;the detection performance of SIGMOD is superior to the existing unsupervised detection methods,and it can still maintain a good detection effect with enough robustness when the training data is pulluted. |
PDF Full Text Request