• 学术研究 •

### 基于DT及PCA的DNN入侵检测模型

1. 天津大学 电气自动化与信息工程学院，天津 300072
• 出版日期:2021-08-01 发布日期:2021-08-02

### DNN Intrusion Detection Model Based on DT and PCA

WU Xiaodong, LIU Jinghao, JIN Jie, MAO Siping

1. School of Electrical Automation and Information Engineering, Tianjin University, Tianjin 300072, China
• Online:2021-08-01 Published:2021-08-02

Abstract:

Intrusion detection is an important field. The problems such as high false alarm rate, low detection rate, slow processing speed and high feature dimension plague the experts and scholars in this field. For those problems, this paper proposes an intrusion detection model DT-PCA-DNN combining DT (decision tree), PCA (principal com-ponent analysis) and DNN (deep neural networks) to improve the processing speed of the IDS (intrusion detection system) on the basis of a relatively high detection rate and a relatively low false alarm rate. In order to reduce the overall data volume and speed up the processing speed, DT is used to make a preliminary judgment on the data. The data judged as intrusion by DT are stored in a temporary sample set to optimize DT and DNN, and the data judged as normal are processed by PCA to reduce the data dimension and then processed by DNN for secondary judgment. If the DT structure is too deep, too much normal data will be judged as intrusion data. This will cause the subsequent DNN processing cannot effectively improve the overall accuracy, so DT uses a shallow structure. DNN uses the ReLU activation function that simplifies the calculation process of the neural network and the Adam optimization algorithm with faster convergence speed to speed up the data processing speed. According to the binary and multi-class classification experimental results on the NSL-KDD dataset, compared with other intrusion detection methods that use deep learning, this model, which achieves a relatively high detection rate and has a faster detection speed, solves the real-time problem of intrusion detection effectively.