Introduction
With the advent of big data, the Internet constitutes an indispensable tool and platform for human society to progress, work and share information. While the network brings significant benefits to humanity, network information security worries most network users and is a widespread concern in all walks of life (Liu et al, 2018, Yin et al, 2017 and Zhang et al, 2021), especially in the financial, medical, military, and public security fields. In these fields, abnormal network attacks and data privacy leaks have emerged, resulting in irreparable losses to the state, enterprises, and individuals (Zhang et al, 2021). The issue of securing and maintaining a secure network environment therefore needs to be addressed urgently.
As active defense tools, network intrusion detection models can monitor network traffic in real time, sense hidden attacks and analyze various types of attack behaviors (Tian et al, 2021). As a result, these tools help maintain network information security and propose corresponding protection strategies. Compared with passive defense measures against network attacks, intrusion detection models can detect known attacks while also discovering unknown attacks, and research on them has produced many efficient models. Because it is feasible to improve real-time monitoring efficiency, reduce false alarm rates, and shorten detection times, intrusion detection remains an indispensable focus of research for network security defense today.
Network intrusion detection systems include techniques based on traditional machine learning, deep learning, reinforcement learning, and visualization learning (Wang et al, 2021). The most widely used techniques in intrusion detection include the K-Nearest Neighbor (KNN) algorithm, which can reflect the difference between normal and abnormal traffic and classify various attack types without parameter estimation. Hurley et al (2016) use principal component analysis to re-extract features and then use KNN-based models for attack identification and classification. However, large and higher-order data can make the algorithm less accurate. Compared with other machine learning algorithms, the Support Vector Machine (SVM) can improve the detection accuracy on the basis of solving the imbalance of data samples. Teng et al (2014) and Reddy et al (2016) used SVM-based methods to effectively detect DDoS attacks, probe attacks, and other abnormal behaviors. In recent years, breakthroughs have been achieved in deep learning research in natural language processing, image recognition, and other fields. In contrast, traditional machine learning methods require professionals with extensive domain knowledge to carry out manual feature extraction; as shallow learning methods, they have been unable to cope effectively with the massive data resources and the network bandwidth increase caused by complex and variable data features.