
Dual-mode intrusion detection device based on integrated machine learning algorithm

An intrusion detection and machine learning technology, applied in neural learning methods, biological neural network models, digital transmission systems, etc. It addresses problems such as overly high detection results, high hardware resource requirements, and difficulty in algorithm learning and updating, with the effects of improved accuracy, good scalability, and improved algorithm detection performance.

Active Publication Date: 2019-09-06
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

[0007] (2) The intrusion detection accuracy of machine learning algorithms is not high
Although many classification detection algorithms exist, they share several main problems: many papers do not use the full test set for verification, so the algorithms are difficult to compare and evaluate objectively; most target the KDD99 data set and, because of the defects of the data set itself, report detection results that are too high; in addition, manual classification and training are carried out beforehand and detection is then performed separately, which is inconsistent with the actual intrusion detection scenario and also yields results that are too high.
The amount of U2R and R2L data in the original data set is very small, resulting in low detection accuracy.
[0008] (3) The performance of machine learning algorithms is not high
The calculation process of machine learning algorithms is relatively complicated, especially for deep learning algorithms, which need hardware devices such as GPUs to improve computing performance and therefore have relatively high hardware resource requirements.
[0009] (4) Algorithm learning and updating is difficult
Machine learning models need a large amount of training data prepared in advance, but such training data sets are currently very scarce, which makes model training difficult; this is why many commercial products do not use machine learning algorithms on a large scale.
Moreover, after new samples are added, the algorithm model needs to be fully retrained, which is expensive.
[0010] (5) Poor interpretability of test results
With machine learning algorithms, especially deep neural networks, the detected alarm records may include false positives, and security analysts have difficulty judging the authenticity of the detection results; the data also loses much of its original information after feature processing, which brings trouble to their work.


Embodiment Construction

[0049] In order to make the objectives, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention.

[0050] The core idea of the present invention is to propose an integrated machine learning algorithm. Firstly, a single algorithm is optimized to further improve the accuracy, and a superposition decision tree algorithm and an Ensemble Voting algorithm are proposed. In order to solve the problem of unbalanced samples with very little data such as U2R, oversampling solutions are adopted, the sample ratio of the training set is adjusted, and the weights of different types of data are set to improve the detection accuracy of this type of data. Use the training data to train the algorithm, calculate the detection indicators of each algorithm for various types of data, and save the ...


Abstract

The invention provides a dual-mode intrusion detection system based on an integrated machine learning algorithm. The system comprises a monitoring module, a network intrusion detection module, an intelligent intrusion detection module, a series detection module and an alarm module. The monitoring module acquires traffic data from the network traffic according to a monitoring strategy. The network intrusion detection module matches the traffic data against intrusion detection rules, starts the alarm module if the traffic data matches a black rule, and forwards traffic data that matches no rule to the intelligent intrusion detection module. The intelligent intrusion detection module integrates various machine learning intrusion detection algorithms, which are used to detect the received traffic data; when the detection result is attack traffic, the alarm module is started. When the alarm module is started, an alarm signal is sent out or blocked. The system combines the two detection technologies to detect network attack behavior, so that the detection precision and the detection performance are greatly improved.
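The two-stage flow the abstract describes (rule matching first, unmatched traffic passed to an ensemble) can be sketched as follows; this is an added example, not code from the patent. The rule names, threshold classifiers, precision values and the log-odds vote weighting are assumptions, since the text shown here does not say how the saved per-class indicators are combined.

```python
import math
from collections import Counter, defaultdict

# Stage 1: "black" signature rules (names and predicates constructed for this example).
BLACK_RULES = [
    ("telnet-root-login", lambda f: f["service"] == "telnet" and b"root" in f["payload"]),
    ("oversized-icmp", lambda f: f["protocol_type"] == "icmp" and f["src_bytes"] > 1480),
]

# Stage 2: stand-in base classifiers (hypothetical threshold models, not trained ones)
# over NSL-KDD-style features.
def clf_rate(f):   return "dos" if f["count"] > 100 else "normal"
def clf_logins(f): return "r2l" if f["num_failed_logins"] >= 3 else "normal"
def clf_shell(f):  return "u2r" if f["root_shell"] else "normal"

# Per-class precision of each classifier, assumed saved after training (constructed values).
INDICATORS = {
    clf_rate:   {"dos": 0.97, "normal": 0.70},
    clf_logins: {"r2l": 0.85, "normal": 0.65},
    clf_shell:  {"u2r": 0.90, "normal": 0.60},
}

def majority_vote(flow):
    """Unweighted baseline: the most common label wins."""
    return Counter(clf(flow) for clf in INDICATORS).most_common(1)[0][0]

def weighted_vote(flow):
    """Each vote counts as the log-odds of that classifier's precision for the voted class."""
    scores = defaultdict(float)
    for clf, precision in INDICATORS.items():
        label = clf(flow)
        p = precision[label]
        scores[label] += math.log(p / (1 - p))
    return max(scores, key=scores.get)

def detect(flow):
    """Rules first; only unmatched traffic reaches the ensemble. Returns (verdict, stage, detail)."""
    for name, matches in BLACK_RULES:
        if matches(flow):
            return ("alarm", "rule", name)
    label = weighted_vote(flow)
    return ("alarm" if label != "normal" else "pass", "ml", label)

# Constructed sample flows.
BENIGN = {"service": "http", "protocol_type": "tcp", "payload": b"GET /", "src_bytes": 200,
          "count": 4, "num_failed_logins": 0, "root_shell": 0}
TELNET = dict(BENIGN, service="telnet", payload=b"login: root")
U2R = dict(BENIGN, root_shell=1)
```

On the `U2R` flow a plain majority vote returns `normal` because two of the three classifiers see nothing unusual, while the per-class weighted vote lets the one classifier that is reliable for that rare class carry the decision.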

Description

Technical field

[0001] The invention relates to a dual-mode intrusion detection device based on an integrated machine learning algorithm, belonging to the technical field of intrusion detection.

Background technique

[0002] Among the existing technologies used in network intrusion detection, the rule matching method based on attack characteristics is currently the most used. In recent years, there has been research at home and abroad on the use of various machine learning algorithms for intrusion detection. The NSL-KDD intrusion detection data set contains one type of normal data and four types of attack data. It is the most classic data set in the field of network security and solves the problem of a large number of redundant and repeated data in KDD99 data. Many researchers have used various classification algorithms to study this data set, mainly including DecisionTree, Naive Bayes, Random Forest, Kneighbors, Logistic Regression, KNN, SVM, CNN, DNN, etc. According to the...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06N3/08, H04L12/24
CPC: G06N3/08, H04L41/0631, H04L63/1408, H04L63/1441
Inventor: 胡昌振, 高献伟, 单纯, 王可惟, 王鹏
Owner: BEIJING INSTITUTE OF TECHNOLOGY