%0 Journal Article %A JIANG Yiming %A LAN Julong %A WANG Yue %T Intrusion detection based on improved triplet network and K-nearest neighbor algorithm %D 2021 %R 10.11772/j.issn.1001-9081.2020081217 %J Journal of Computer Applications %P 1996-2002 %V 41 %N 7 %X Intrusion detection is one of the important means to ensure network security. To address the problem that it is difficult to balance detection accuracy and computational efficiency in network intrusion detection, based on the idea of deep metric learning, a network intrusion detection model combining improved Triplet Network (imTN) and K-Nearest Neighbor (KNN) was proposed, namely imTN-KNN. Firstly, a triplet network structure suitable for solving intrusion detection problems was designed to obtain the distance features that are more conducive to the subsequent classification. Secondly, due to the overfitting problem caused by removing the Batch Normalization (BN) layer from the traditional model which affected the detection precision, a Dropout layer and a Sigmoid activation layer were introduced to replace the BN layer, thus improving the model performance. Finally, the loss function of the traditional triplet network model was replaced with the multi-similarity loss function. In addition, the distance feature output of the imTN was used as the input of the KNN algorithm for retraining. Comparison experiments on the benchmark dataset IDS2018 show that compared with the Deep Neural Network based Intrusion Detection System (IDS-DNN) and Convolutional Neural Networks and Long Short Term Memory (CNN-LSTM) based detection model, the detection accuracy of imTN-KNN is improved by 2.76% and 4.68% on Sub_DS3, and the computational efficiency is improved by 69.56% and 74.31%. %U http://www.joca.cn/EN/10.11772/j.issn.1001-9081.2020081217