Network intrusion detection model SGM-CNN based on class imbalance processing

A technology of network intrusion detection and balanced processing, applied in biological neural network models, electrical components, transmission systems, etc., can solve problems such as not considering data classification performance, reducing detection rate, class imbalance, etc., to achieve outstanding substantive features , improve the detection rate, avoid the effect of time and space cost
CN111740971AInactive Publication Date: 2020-10-02ZHENGZHOU UNIV
0 Cites 11 Cited by

Patent Information

Authority / Receiving Office
CN · China
Current Assignee / Owner
ZHENGZHOU UNIV
Publication Date
2020-10-02
Estimated Expiration
Not applicable · inactive patent

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

For the data class imbalance problem, the present invention provides an effective network intrusion detection model SGM-CNN based on a Synthetic Minority Over-Sampling Technique (SMOTE) and a GaussianMixture Model (GMM) based on a data flow. According to the technical scheme, the method comprises the steps of firstly obtaining a to-be-identified network data flow; and preprocessing the data stream, inputting the preprocessed data stream into a pre-established network intrusion detection model based on a one-dimensional convolutional neural network (1D CNN), and outputting a detection result of the network data stream. The invention provides a class imbalance processing technology, namely an SGM, for large-scale data. The SGM firstly uses SMOTE to perform oversampling on minority class samples, then uses GMM to perform clustering-based downsampling on majority class samples, and finally balances data of each class. According to the SGM method, expensive time and space cost caused by oversampling is avoided, the situation that important samples are lost due to random downsampling is avoided, and the detection rate of minority classes is remarkably increased.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention belongs to the field of intrusion detection in network security, and in particular relates to a data flow-based network intrusion detection model based on class imbalance processing. Background technique

[0002] According to Cisco's forecast, from 2017 to 2022, the number of connected smart devices will double, resulting in a rapid five-fold increase in data traffic. As networks continue to expand in scope and scale, the threat of network intrusion is greater than ever. Under such circumstances, intrusion detection systems (IDS), which are widely used to sniff and detect different types of network intrusions, need to keep pace with the times to meet the increasing demand for network security assurance. Modern NIDS mainly fall into two categories: rule-based misuse detection and statistics-based anomaly detection. The former is used to store a database of attributes of all known attacks, and if the extracted attributes match those in th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More