An intrusion detection system and method based on machine learning

Abstract

The invention belongs to the artificial intelligence field and discloses an intrusion detection system and a method based on machine learning. Referring to the existing network security model and theintrusion detection model, the invention constructs an intrusion detection system frame based on machine learning according to the requirements in practical application. Firstly, a feature selection method is used to reduce the high dimension of security data in intrusion detection. Secondly, the particle swarm optimization artificial neural network algorithm is used to improve the detection accuracy. Thirdly, two typical clustering algorithms are used to eliminate false positives in intrusion detection. The intrusion detection system frame based on machine learning constructed by the invention adopts modular design, The invention presents a new intrusion detection method, which combines protocol analysis technology with clustering support vector machine to improve the detection efficiencyof clustering support vector machine. The algorithm is improved by computer software to further improve the detection rate and reduce the false positives rate.

Description

technical field [0001] The invention belongs to the technical field of artificial intelligence, and in particular relates to an intrusion detection system and method based on machine learning. Background technique [0002] At present, the existing technologies commonly used in the industry are as follows: With the rapid development of the Internet, communication networks and information systems have become vulnerable to various types of network attacks. Network security has become more and more concerned, and threats to network security are increasing. Building an efficient network based on intelligent networks A network intrusion detection system is very necessary, and there are many difficulties in building a security system: (1) System software and operating systems are becoming more and more complex, making it impossible for software designers to predict the system status when the program is running, let alone accurately (2) With the increasing demand for networking, it...

AI Technical Summary

Problems solved by technology

[0004] (1) Existing intrusion detection systems and detection methods have long detection time, low detection accuracy, and high false positive and false positive rates

[0005] (2) Existing machine learning-based intrusion detection requires too many training samples, training sample labeling takes a lot of time and relies too much on domain expertise

[0006] The difficulty and significance of solving the above technical problems: The number of alarms generated by intrusion detection systems and other security devices is usually large, too many alarms will affect the normal operation of the system, and it is extremely difficult to rely on manual processing; in actual intrusion detection, usually 10% of the alarms generated More than ninety percent of them are false alarms, which makes it more difficult to identify real alarms; the alarm information of existing intrusion detection systems is usually a single alarm triggered by a single attack behavior, and the same attack may generate a large number of alarms, but it is impossible to construct It is difficult to realize the analysis of multi-step attacks or complex network attacks, and it is also difficult to provide effective information for network threat and network situation analysis.

Images