Models and Algorithms for Intrusion Detection and Prevention Based on Statistical Methods and Robust Machine Learning Algorithms
Abstract
This work addresses the development of network intrusion detection systems (NIDS) for software-defined networking (SDN) using modern statistical methods together with machine learning, deep learning and optimization methods: Random Forest, convolutional neural networks (CNN), the deep residual network ResNet-50, support vector machines (SVM) and the Grey Wolf Optimizer (GWO). Three new combined models are proposed on the basis of these methods, each tested on three datasets (NSL-KDD, KDD99, UNSW-NB15) so that the models can be applied under different conditions and to different types of intrusion. The proposed models are shown to improve on existing ones across all principal metrics (precision, recall, overall accuracy) and can be used in network intrusion detection systems to raise their effectiveness.
The first proposed technique applies AI-based feature optimization with the Random Forest algorithm to build a high-efficiency, high-accuracy classifier for intrusion detection. Three datasets (KDD99, NSL-KDD and UNSW-NB15) are prepared for model training, validation and testing across multiple scenarios; preparation covers cleaning, missing-value treatment, normalization and standardization of the data.
Grey Wolf Optimization (GWO) is then applied to select the best features by maximizing information gain and entropy. The selected, weighted features are used to train the Random Forest algorithm.
The model is further optimized with boosting to improve class separation. Finally, to ensure that detected intrusions are adequately mitigated, the model is deployed under an intrusion prevention system (IPS) approach. The efficacy of the model is evaluated in terms of precision, recall and accuracy.
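To make the first pipeline concrete, the following is an added example in pure Python, not the thesis author's code. It sketches the stages the abstract names: missing-value treatment and standardization, scoring features by information gain (the entropy-based criterion the GWO search is said to maximize), and the precision/recall/accuracy evaluation used for all three approaches. It does not implement the Grey Wolf Optimizer or the boosted Random Forest; the connection records, the median imputation, the z-score scaling and the median-threshold split are all choices made here for illustration, and the field names (duration, src_bytes, dst_bytes, count) are borrowed from the KDD99 feature set.

```python
"""
Added example: preprocessing, information-gain feature ranking and detection
metrics for a NIDS pipeline. Not the thesis author's code; the GWO search and
the boosted Random Forest are not implemented here, only the entropy-based
criterion such a search would score candidate features with.
"""
import math
from statistics import median, mean, pstdev

# Constructed connection records (not real traffic) using KDD99-style field
# names. "count" = connections to the same host in the last 2 s; label 1 =
# attack, 0 = normal. Two src_bytes values are missing to exercise imputation.
RECORDS = [
    {"duration": 0, "src_bytes": 181,  "dst_bytes": 5450, "count": 1,   "label": 0},
    {"duration": 2, "src_bytes": 239,  "dst_bytes": 486,  "count": 2,   "label": 0},
    {"duration": 5, "src_bytes": None, "dst_bytes": 1337, "count": 1,   "label": 0},
    {"duration": 1, "src_bytes": 212,  "dst_bytes": 1940, "count": 3,   "label": 0},
    {"duration": 0, "src_bytes": 0,    "dst_bytes": 0,    "count": 511, "label": 1},
    {"duration": 3, "src_bytes": 0,    "dst_bytes": 0,    "count": 480, "label": 1},
    {"duration": 0, "src_bytes": 1032, "dst_bytes": 1000, "count": 509, "label": 1},
    {"duration": 4, "src_bytes": None, "dst_bytes": 0,    "count": 255, "label": 1},
]
FEATURES = ["duration", "src_bytes", "dst_bytes", "count"]


def impute_median(records, features):
    """Replace missing (None) values with the per-feature median of observed values."""
    out = [dict(r) for r in records]
    for f in features:
        fill = median(r[f] for r in records if r[f] is not None)
        for r in out:
            if r[f] is None:
                r[f] = fill
    return out


def standardize(records, features):
    """Z-score each feature (mean 0, std 1); a constant feature is set to 0."""
    out = [dict(r) for r in records]
    for f in features:
        xs = [r[f] for r in records]
        mu, sd = mean(xs), pstdev(xs)
        for r in out:
            r[f] = (r[f] - mu) / sd if sd > 0 else 0.0
    return out


def entropy(labels):
    """Shannon entropy (bits) of a label sequence."""
    n = len(labels)
    if n == 0:
        return 0.0
    return -sum((labels.count(c) / n) * math.log2(labels.count(c) / n)
                for c in set(labels))


def information_gain(records, feature):
    """Information gain of splitting the labels on feature <= its median."""
    labels = [r["label"] for r in records]
    thr = median(r[feature] for r in records)
    left = [r["label"] for r in records if r[feature] <= thr]
    right = [r["label"] for r in records if r[feature] > thr]
    n = len(labels)
    remainder = len(left) / n * entropy(left) + len(right) / n * entropy(right)
    return entropy(labels) - remainder


def rank_features(records, features):
    """Features ordered by decreasing information gain, as (name, gain) pairs."""
    scores = {f: information_gain(records, f) for f in features}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


def detection_metrics(y_true, y_pred):
    """Precision, recall and accuracy with 1 (attack) as the positive class."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(1 for t, p in pairs if t == 1 and p == 1)
    fp = sum(1 for t, p in pairs if t == 0 and p == 1)
    fn = sum(1 for t, p in pairs if t == 1 and p == 0)
    tn = sum(1 for t, p in pairs if t == 0 and p == 0)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall, (tp + tn) / len(pairs)


def run_pipeline(records=RECORDS, features=FEATURES, k=2):
    """Impute, standardize, rank features and return the k best with their gains."""
    clean = standardize(impute_median(records, features), features)
    return rank_features(clean, features)[:k]


if __name__ == "__main__":
    for name, gain in run_pipeline(k=len(FEATURES)):
        print(f"{name:10s} information gain = {gain:.3f}")
    print(detection_metrics([1, 1, 1, 0, 0, 0], [1, 1, 0, 1, 0, 0]))
```

On these records the burst-rate feature (count) separates the two classes completely and scores the full entropy of the labels, while duration scores zero; a GWO run would evaluate whole feature subsets with this same gain rather than ranking features one at a time. Precision matters as much as recall once the detector drives an IPS, since every false positive becomes blocked legitimate traffic.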
The second proposed approach integrates the deep residual network ResNet-50 with support vector machines (SVM) for intrusion detection. The depth of the convolutional network yields a richer feature representation, and the robustness of the SVM yields better classification. The KDD99, NSL-KDD and UNSW-NB15 datasets are first collected and preprocessed; optimized feature extraction and selection are then performed with ResNet-50. The selected features are fed into the SVM, and the classification is further refined by a boosted Random Forest. After detection the model is placed under an IPS approach, and its performance is evaluated in terms of precision, recall and accuracy.
The third approach combines transfer learning, convolutional neural networks (CNN) and Random Forest. The comprehensive datasets KDD99, NSL-KDD and UNSW-NB15 are collected, after which the hyperparameters of the transfer-learning stage are tuned. CNNs perform the feature optimization, and a boosted Random Forest classifies the optimized features. An IPS approach provides real-time threat mitigation, while the model's performance is measured in terms of precision, recall and accuracy.
Each approach adopts novel strategies for building practical, effective NIDS, aiming to improve precision, recall and overall accuracy and thereby deliver strong, reliable cybersecurity measures. The proposed methods not only advance the sensitive field of cybersecurity but also address the limitations of the assumptions built into standard datasets and incorporate up-to-date optimization and classification techniques.
The combined use of the NSL-KDD, KDD99 and UNSW-NB15 datasets makes training and evaluation comprehensive and the resulting models robust; with AI-based feature optimization, deep learning and ensemble learning added, the models are more effective and reliable for NIDS. These strategies not only enhance the detection capability of the system but also enable effective real-time mitigation, leading to a more secure and resilient network environment.