Research On Network Intrusion Detection Algorithm Based On Machine Learning

With the rapid development and widespread popularity of the Internet,threats of intrusion on the network are constantly emerging,and traditional network intrusion detection techniques have been difficult to deal with the increasingly complex detection work.Therefore,it is necessary to apply more intelligent and efficient technology to network intrusion detection.In this big data age of information explosion,machine learning in the areas of artificial intelligence has been widely used,it also includes network intrusion detection.Although many researchers have successfully introducing machine learning technology to network intrusion detection field and obtain some results on the basis of this,there are still problems in network intrusion detection such as high false positive rate in multi-class detection and poor detection effect in minority classes.Therefore,this paper analyzes and evaluates the detection performance of various types of machine learning algorithms in network intrusion detection,by studying the strengths and weaknesses of algorithm in network intrusion detection,the new classification algorithm model is put forward,which improves the accuracy of network intrusion detection.The main tasks of this paper are as follows:(1)Analyzed network intrusion data sources and characteristics,build an intrusion detection model based on machine learning.Researched traditional supervised machine learning algorithms.The algorithms were trained on the NSL-KDD benchmark dataset,respectively.And set appropriate parameters for different algorithms to learn,completed the network intrusion detection multi-classification task.Finally,according to the performance indicators of the algorithm to evaluate the performance of network intrusion detection,each model of evaluation and comparison of the experimental data is given.(2)Through the analysis and experiment of the supervised learning algorithm,aiming at the problems of low accuracy and high false positive rate in multi-classification task of network intrusion detection nowadays,this paper proposes a network intrusion detection algorithm based on Gradient Boosting Decision Tree(GBDT)and random forest.The algorithm first uses the recursive feature elimination method to filter the feature subsets based on the importance of GBDT features to obtain a subset of potential feature combinations.Secondly,the GBDT model is constructed using the feature combination subset as the feature input of GBDT.Finally,the constructed GBDT is used as a base classifier to construct a random forest model to judge and classify network intrusions.Experiments with NSL-KDD dataset,compared to multilayer perceptrons,support vector machines and K-neighbor algorithms,the detection performance of this algorithm for each intrusion class in multi-classification problem is better than that of traditional algorithm,and the overall accuracy rate reaches 99.84%.Among them,the detection rate of Probe and R2 L intrusion types has been improved most obviously,with the accuracy rates of 99.89% and 99.96%,respectively.At the same time,it also has certain detection capabilities for the U2 R intrusion types of very few samples.