Journal of Frontiers of Computer Science and Technology (计算机科学与探索), 2021, Vol. 15, Issue (8): 1450-1458. DOI: 10.3778/j.issn.1673-9418.2007045

• Academic Research •

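DNN Intrusion Detection Model Based on DT and PCA

WU Xiaodong, LIU Jinghao, JIN Jie, MAO Siping

  1. School of Electrical Automation and Information Engineering, Tianjin University, Tianjin 300072
  • Publication date: 2021-08-01 Release date: 2021-08-02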

DNN Intrusion Detection Model Based on DT and PCA

WU Xiaodong, LIU Jinghao, JIN Jie, MAO Siping   

  1. School of Electrical Automation and Information Engineering, Tianjin University, Tianjin 300072, China
  • Online: 2021-08-01 Published: 2021-08-02

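Abstract:

Intrusion detection is an important field today, yet a high false alarm rate, a low detection rate, slow processing and high feature dimensionality trouble the experts and scholars working in it. To address these problems, an intrusion detection model, DT-PCA-DNN, based on decision tree (DT), deep neural network (DNN) and principal component analysis (PCA) is proposed, which raises the processing speed of the intrusion detection system (IDS) while keeping a relatively high detection rate and a relatively low false alarm rate. To reduce the overall data volume and thereby speed up processing, DT is first used to make a preliminary judgment on the data. Data that DT judges to be intrusion are stored in a temporary training sample set for retraining and optimizing DT and DNN, while data that DT judges to be normal have the added normal label removed, are reduced in dimension with PCA and are sent to DNN for a second judgment that gives the final result. DT uses a shallow structure to prevent too much normal data from being judged as intrusion data, which would leave the subsequent DNN second pass unable to improve overall accuracy effectively. DNN uses the ReLU activation function, which simplifies the neural network computation, and the faster-converging Adam optimization algorithm to speed up data processing. Binary and five-class classification experiments on the NSL-KDD dataset verify that, compared with other intrusion detection methods that apply deep learning, the proposed model achieves a relatively high detection rate with a faster detection speed, effectively solving the real-time problem of intrusion detection.

Key words: decision tree (DT), principal component analysis (PCA), deep neural network (DNN), intrusion detection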

Abstract:

Intrusion detection is an important field. Problems such as a high false alarm rate, low detection rate, slow processing speed and high feature dimension plague the experts and scholars in this field. To address these problems, this paper proposes an intrusion detection model, DT-PCA-DNN, combining DT (decision tree), PCA (principal component analysis) and DNN (deep neural networks) to improve the processing speed of the IDS (intrusion detection system) on the basis of a relatively high detection rate and a relatively low false alarm rate. In order to reduce the overall data volume and speed up processing, DT is used to make a preliminary judgment on the data. The data judged as intrusion by DT are stored in a temporary sample set to optimize DT and DNN, and the data judged as normal are processed by PCA to reduce the data dimension and then processed by DNN for secondary judgment. If the DT structure is too deep, too much normal data will be judged as intrusion data, and the subsequent DNN processing cannot then effectively improve the overall accuracy, so DT uses a shallow structure. DNN uses the ReLU activation function, which simplifies the calculation process of the neural network, and the Adam optimization algorithm, which converges faster, to speed up data processing. According to the binary and multi-class classification experimental results on the NSL-KDD dataset, compared with other intrusion detection methods that use deep learning, this model achieves a relatively high detection rate with a faster detection speed and solves the real-time problem of intrusion detection effectively.

Key words: decision tree (DT), principal component analysis (PCA), deep neural networks (DNN), intrusion detection
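
The two-stage decision path the abstract describes, as an added scikit-learn sketch (not the authors' code): a shallow DT screens every record, its intrusion verdicts are final, and only records it calls normal go through PCA and a ReLU/Adam network. The class name `DtPcaDnn`, tree depth 3, 10 components, layer sizes, the scaling step, training both stages on the full training set, and the synthetic 41-feature data standing in for NSL-KDD are all assumptions.

```python
import numpy as np
from sklearn.datasets import make_classification
from sklearn.decomposition import PCA
from sklearn.model_selection import train_test_split
from sklearn.neural_network import MLPClassifier
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.tree import DecisionTreeClassifier

class DtPcaDnn:
    """Shallow DT first; PCA + DNN re-checks what the DT calls normal (0)."""
    def __init__(self, dt_depth=3, n_components=10, seed=0):
        # Shallow tree: limits how much normal traffic stage 1 flags as intrusion.
        self.dt = DecisionTreeClassifier(max_depth=dt_depth, random_state=seed)
        self.dnn = make_pipeline(  # StandardScaler is an added assumption
            StandardScaler(),
            PCA(n_components=n_components, random_state=seed),
            MLPClassifier(hidden_layer_sizes=(64, 32), activation="relu",
                          solver="adam", max_iter=300, random_state=seed),
        )

    def fit(self, X, y):
        # Assumption: both stages are trained on the full labelled training set.
        self.dt.fit(X, y)
        self.dnn.fit(X, y)
        return self

    def predict(self, X):
        """Return (final labels, indices the DT flagged as intrusion)."""
        labels = self.dt.predict(X)
        flagged = np.flatnonzero(labels == 1)  # final; the temporary sample set
        passed = np.flatnonzero(labels == 0)   # sent on for the second judgment
        if passed.size:
            labels[passed] = self.dnn.predict(X[passed])
        return labels, flagged

def demo(seed=0):
    # Constructed data standing in for NSL-KDD: 41 features, label 1 = intrusion.
    X, y = make_classification(n_samples=2000, n_features=41, n_informative=12,
                               class_sep=1.5, random_state=seed)
    X_tr, X_te, y_tr, y_te = train_test_split(X, y, test_size=0.3, random_state=seed)
    model = DtPcaDnn(seed=seed).fit(X_tr, y_tr)
    labels, flagged = model.predict(X_te)
    dt_only = model.dt.predict(X_te)
    rate = lambda pred, cls: float(np.mean(pred[y_te == cls] == 1))
    return {"n_test": len(y_te), "sent_to_dnn": len(y_te) - len(flagged),
            "dt_detection_rate": rate(dt_only, 1),
            "cascade_detection_rate": rate(labels, 1),
            "dt_false_alarm_rate": rate(dt_only, 0),
            "cascade_false_alarm_rate": rate(labels, 0)}
```

Because the second stage never overturns a DT intrusion verdict, the cascade's detection rate and its false alarm rate can only be equal to or higher than the DT's own, which is why the depth of the first-stage tree bounds the false alarms of the whole model.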