Research on campus network security protection system framework based on cloud data and intrusion detection algorithm

The continuous progress of society has created conditions for the widespread use of information technology. People rely more and more on information technology and the Internet. People can use the Internet to retrieve relevant information to meet their work needs, but the widespread use of the Internet is also accompanied by network security issues. The existence of network security problems will affect people’s work to varying degrees. Network security management departments use intrusion detection technology and set firewalls to improve the security of people’s personal information on the Internet and prevent viruses and some criminals from stealing people’s important information through the Internet, causing adverse effects on the Internet environment. In the daily management of the school, the extensive use of the campus network can not only facilitate students’ daily study and life, but also improve the efficiency of school management. Ensuring the network security of campus network is an important work to ensure the campus management and students’ study and life. The four parts of network security work include setting firewall, encrypting cloud data, using intrusion detection technology, and recovering data. Intrusion detection technology is extremely important for the development of network security work, which can help people actively find vulnerabilities in networks and systems, identify possible behaviors that may invade systems and networks, and give early warning or automatically close intrusion channels. There are various types of cloud data, so cloud database plays an extremely important role in the development of various fields. This paper uses intrusion detection algorithms to design the campus network security protection system, which provides security for the use of the campus network.


Introduction
By analyzing the characteristics of network security problems, we can know that the existence of network security problems has a great threat to the safe operation of the network, and these problems will change with the continuous development of time (Xu et al. 2013). With the indepth study of network security, people have also found many strategies and methods to ensure network security. In order to ensure the security of the network, the network security defense strategies that people use are usually to improve the security performance of the network by setting firewalls, encrypting information, authenticating and identifying identity, controlling users' access to pages, and strengthening the operating system (Viduto et al. 2012). These measures and strategies can effectively inhibit intrusion and also have a good effect on network security.
The continuous development of information technology not only brings more convenience to people's lives, but also creates conditions for the development of intrusion technology. Under the premise of the continuous development of intrusion technology, the means and ways of criminals to attack the network have become more and more complex (Fang et al. 2020). Using the passive and static methods mentioned above to resist network intrusion can no longer fully guarantee the security of the network. Therefore, the design and use of intrusion detection systems become very necessary. The emergence of intrusion detection system provides an efficient tool for people to deal with network security problems (Liao et al. 2013). This system can monitor user behavior and system operation, not only to prevent network intrusion outside the system, but also to monitor the operation of personnel inside the system to prevent illegal behavior of internal operators. Compared with static network defense, this system has made great progress (Khraisat et al. 2019).
The establishment of cloud database makes up for the shortcomings of traditional databases. The advantages of using cloud database for data management include: Data can be distributed according to the cloud computing situation, dynamic capacity expansion according to user needs, no system maintenance and management, low cost and high efficiency (Tan et al. 2017). This paper uses the intrusion detection algorithm to design the security protection system of the campus network, which provides a guarantee for the safe use of the campus network, and also strengthens the security performance of the cloud database, making people more trust the cloud database, facilitate people to manage more data, improve the efficiency, and also strengthen the security performance of the cloud database, making people more trust the cloud database, and facilitate people to manage more data, improve work efficiency (Ferretti et al. 2013). In the process of carrying out the work, this paper analyzes the network structure and management of each campus and then studies the use of the cloud data and intrusion detection system of the system. Combined with the important situation of the campus data information, the structure of the campus network is classified and the corresponding model is built (Ali et al. 2015). In the process of designing the system, the reliability, practicability, and specific performance of the system operation were considered, and a three-level centralized management network security model was designed. According to the model, the external protection and internal defense systems of the system were created, providing a strong guarantee for the safe use of the campus network (Amokrane et al. 2015;Sangaiah et al. 2022).

Related work
The literature thinks that the campus network plays an important role in the construction and development of the school. It can not only provide guarantee for the daily management of the school, but also provide greater help for students' study and life. It is an important tool for the school's education, teaching, scientific research, management, and foreign exchange (Zheng et al. 2021). The security of the campus network plays a decisive role in the normal development of the school management and related activities. Therefore, we must use modern technology to establish a network security system to ensure the safe use of the campus network and provide security for the normal management and related activities of the school (Rojas et al. 2015). The traditional way of setting up firewalls can no longer meet the needs of modern network security system construction. As a technology that can actively discover system problems and ensure network security, intrusion detection is the first choice for campus network security maintenance under the current development background (Shone et al. 2018). According to the literature, data are the core of the development and progress of Internet technology. The Internet platform stores data in the virtual cluster hosted by the system through cloud storage. The cloud platform can manage data according to the needs of the system operation or use the call service or storage user to access the data of the network interface to obtain resources (He et al. 2012). In the process of building the database, cloud security technology is used to ensure the security of cloud storage space, and real-time monitoring of abnormal behavior of different clients in cloud storage, to identify network viruses and malicious programs embedded in the system that exist in cloud storage, and to collect the identified information to the server (Khan and Al-Yasiri 2016). The system will analyze various information in the server itself, provide processing solutions according to the information reflected, and ensure the overall security of data in cloud storage. The literature analyzed the situation of traditional information systems and believed that the traditional information systems mainly focused on whether the data were encrypted and audited during transmission and storage in the process of ensuring data security (Purnomo et al. 2021;Sangaiah et al. 2019). In the cloud storage system, the system not only focused on the data problems that the traditional information systems focused on, but also used cloud computing to centrally manage and store the data and isolated the data of different users and improve the security of data storage. The literature proposes that intrusion detection is an active network security protection technology, which can accurately monitor the internal and external attacks of the system, identify the user's behavior of operating the system wrongly, intercept and warn the possible hazards of the network system, and use the intrusion detection system to identify network security problems, which can make up for the shortcomings of traditional firewalls (Bul'ajoul et al. 2015). According to the literature, intrusion detection technology can not only detect the user's operation behavior, but also supervise the internal conditions of the system, such as the vulnerability of the system, the sensitivity of the evaluation system, whether the data inside the system are complete, whether the system is invaded, the statistics of abnormal operations and behaviors, the collection of patches that can help the system recover, and the monitoring of illegal behaviors. Set up a decoy server to obtain information about hackers and criminals, so that system managers can effectively and quickly obtain information about system operation, and ensure the security of system operation (Chakraborty 2013). 3 Cloud data and intrusion detection algorithm

Cloud data
In the development of big data era, effective information processing and safe operation of network platform are the main contents of people's research. With the wide use of the Internet, the data processing work and data volume of the system become larger and larger. In order not to affect the normal use of users, system assurance services and use effects have become an important problem. Improving service quality by adding servers is a way to solve the problem. However, if the server fails during operation, the system will provide users with interrupted services and increase costs. The emergence of cloud computing provides a new way to solve the above problems. It allows users to allocate and process data efficiently without corresponding software and hardware facilities and without requiring special personnel to maintain the system. In the process of continuous development of cloud computing, various advanced modern technologies are also promoting the continuous progress of cloud computing. Distributed parallel computing, automatic management and deployment, virtualization technology, high-speed network, etc., have all played a significant role in the further development of cloud computing. Cloud computing can configure data and expand storage space according to users' needs, so the data management mode will also change accordingly. In traditional data management, users need to build their own database infrastructure and buy out data processing tools, but cloud computing allows users to rely on the network to obtain data processing services and make service choices and pay fees according to their own needs. Users only need to purchase service items without configuring software and hardware equipment, saving users' expenses.
According to the characteristics of cloud computing, the levels of cloud services are divided into IaaS, SaaS, and PaaS. The deployment mode of cloud computing determines the form of services enjoyed by users, which are private, public, and mixed. The continuous enrichment of data types has led to the fact that the traditional database construction method can no longer meet the diversified needs of users to process data. Using cloud database to process data can make up for the shortcomings of traditional databases. This paper compares the performance of self-built databases and cloud databases, as shown in Table 1.
The impact of the use of different technologies on the storage security of cloud data is different. This paper analyzes the impact of outsourcing mode, virtualization technology, and multi-tenant technology. The specific results are shown in Table 2.
Homomorphic encryption technology can be used to encrypt the algebraic operation results of the system. This technology can solve the problem of cloud computing data storage. The calculation idea of homomorphic encryption comes from private homomorphism, which can calculate encrypted data when the decryption function is unknown. Assuming that algorithms PLUS and MULT exist, let them meet the following relationships: The above formula can be used to calculate the corresponding value without knowing a and b, so the formula can satisfy both additive homomorphisms and multiplicative homomorphisms. In the process of research, this paper compares the performance of cloud database and local database, and the comparison results are shown in Fig. 1.
It can be seen from the information in Fig. 1 that the data processing capacity of cloud database is stronger than that of local database, and it can meet the diversified data processing needs of users. The convenience and risk of cloud computing technology in the use process have been widely recognized by all sectors of society. Therefore, the most important thing to face now is how to improve the security of cloud computing technology in its own use process.
Before processing the cloud database, it is necessary to analyze the situation of the neighborhood points in the cloud space and use the outlier filtering algorithm to remove the outliers in the cloud space. The filtered points can be expressed in the formula: The following formula can be used to calculate the average distance between the sampling point and all nearby points. The formula is as follows: The local plane can be calculated from the local adjacent points of the point cloud. The plane has the meaning of least squares. At this time, the sum of the distances from the local adjacent points of the point cloud to the plane is the smallest. The calculation formula of the plane is as follows: The covariance matrix corresponding to points in cloud space can be expressed as: The eigenvalues calculated from the covariance matrix can be used to estimate the complexity of the surface at the location used. The curvature of the surface is calculated as follows: The reverse cloud generator can be used to determine the model framework of quantitative value and qualitative language. It can convert quantitative data into corresponding concepts represented by qualitative language values. The information reverse cloud algorithm can be used to calculate the corresponding values. First, it is necessary to calculate the average value of samples input into the system. The calculation formula is as follows: Next, calculate the sample variance as follows: He ¼ ffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi ffi S 2 À En 2 p ð12Þ Resource utilization There will be peak value and low resource utilization Apply on demand The rotation matrix is used for iteration to make the data meet the convergence rules set by the system. The calculation process is as follows: 3.2 Intrusion detection algorithm The main task of intrusion detection technology is to ensure the security of the network environment by identifying the user's behavior. When users use computers and network systems, they will operate according to the network information collected from the audit data prompted by the system's security log. The intrusion detection system is designed according to the characteristics of network security problems. The main function of the system is to ensure that the computer and network environment will not be damaged. The external and internal intrusion programs and intrusion means are identified by the form of identification, so that the computer and network systems can operate in a secure environment. During the operation of the computer and network system, the traces of malware identified by improving the performance of the internal configuration and designing the system can be viewed in the system report. If there are unauthorized, abnormal, and non-compliant contents in the configuration and system, the intrusion detection system will accurately identify them. The emergence and maturity of intrusion detection technology have provided new ideas for solving traditional network security problems, and to some extent, it has made up for the shortcomings of traditional network security protection work. It provides more advanced technology for system managers to monitor and identify the security of system operations, ensuring the security and integrity of system information, and is the second reliable line of defense for network security protection. It can be targeted to intercept and warn against illegal acts that want to damage network security, to a certain extent, it reduces the loss of network systems caused by bad intrusion, improves the security index of network environment, and improves the development level of China's network security technology. The types of intrusion detection technologies include misuse intrusion detection and anomaly intrusion detection. The comparison of these two types of detection is shown in Table 3: In the process of ensuring network security, two different types of intrusion detection technology have their own advantages and disadvantages. To detect through the idea of anomaly detection, you need to store the normal behavior characteristics of users in the system in advance and then compare the current user's behavior data with the characteristic data in the database. If there is a corresponding deviation between the two, it means that abnormal behavior has occurred, and the system will judge the situation as an intrusion. In the process of detection, the algorithm can be used to detect abnormal traffic in the network environment. The process is as follows.
First, suppose that the objective function h (x) is expressed as: Using Taylor expansion to expand the objective function, we can get: Finally, the test set is used to test the selected optimal network. The intrusion data set to be detected is normalized and divided into training data set, fitness test data set, and test data set. The processing process is as follows.
The formula for standardization process can be expressed as: Next, conduct normalization, and the formula is as follows: In a typical CNN model, the previous network layers are all convolutional layers, and the eigenvector of the convolutional layer can be expressed as: In order to calculate the partial derivatives of different network layers, it is necessary to calculate the characteristic dimensions of the sampling layer and convolution layer. The calculation formula is as follows: If N eigenvectors are input in the lower sampling layer, the system will output N eigenvectors with smaller dimensions. The output vector can be expressed as: Through calculation, we can get: Research on campus network security protection system framework based on cloud data… 6839 The improved CNN model can only process data in the range of 0 to 1, so the data need to be normalized first. The formula used is as follows: This paper compares the performance of the improved CNN model and the basic CNN model, as shown in Fig. 2: Generally, the specific performance of the intrusion detection algorithm needs to be measured and analyzed by calculating the accuracy rate, false alarm rate, and false alarm rate. The formula for calculating these three rates is as follows: This paper compares the accuracy of several classical algorithms and the intrusion detection algorithm used in this paper. The results are shown in Fig. 3: It can be seen from the information shown in Fig. 3 that the accuracy of the intrusion detection algorithm used in this paper is higher than that of the classical algorithm, which can provide support for the intrusion detection work of the system and can also effectively ensure the security of the network environment.
4 Construction of campus network security protection system framework

System requirements
In campus life, the development and application of network technology has had a great impact on students' learning and life and has also changed the traditional management mode of the school to a certain extent, providing convenience for the development of education and teaching, scientific research, information exchange, etc. With the continuous maturity of network technology, the application scope of campus network is also growing. It can not only provide some basic services for schools and students, but also provide new ideas for the innovation of teaching models. The emergence and use of network teaching system, teaching information management system, campus all-in-one card system, library intelligent search system, online office system, etc., cannot be separated from the It can detect intrusion activities that have not been seen before and has good adaptability Shortcoming The false alarm rate is low, the false alarm rate is high, and the adaptability is poor, so it needs to be updated constantly Low false alarm rate and high false alarm rate Fig. 2 Comparison between the improved CNN model and the optimization effect of CNN model Fig. 3 Comparison of accuracy between the algorithm in this paper and the classical algorithm wide distribution and use of campus network. Therefore, the security of campus network is extremely important. The establishment of the campus network started from the local area network. Security awareness and construction costs have led people to pay less attention to the network security issues. Many colleges and universities have only installed simple firewalls or virus detection software in the campus network. Some schools have not even taken any measures to make the campus network directly distributed with the public Internet. Although taking simple network security protection measures can play a protective role on the surface, the development of technology has also promoted the technological progress of criminals' intrusion into the network system, and the intrusion means and technologies adopted by criminals have become more and more complex and diverse. If we only rely on passive and static network security defense measures such as building firewalls and installing virus detection software, we can no longer guarantee the security of the current network environment. Today, with the continuous development of information technology, many kinds of system viruses, frequent hacker attacks, loss of system information, and other phenomena are fatal problems of the network system. Therefore, to ensure the security of the campus network, we need to develop an all-round security strategy from multiple perspectives. First of all, it is necessary to identify and prevent network viruses. In the network environment, the propagation media of viruses are not limited to traditional software, hardware, and CD, but can be spread through network communication facilities and e-mail. Therefore, identifying and preventing computer viruses is very important for computer network security. Second, we need to take security isolation measures for different networks. Different networks and networks are interconnected, which also creates conditions for criminals to invade the network. Therefore, we need to isolate different networks according to the characteristics of the network. Third, appropriate network monitoring measures should be taken, which should not affect the normal operation of the network environment. The resources of the network environment can be protected by adding internal network monitoring mechanisms. Fourth, it is necessary to identify the security vulnerabilities in the network environment in a timely manner. If you are not a professional in network security, you will not be able to understand and master the security vulnerabilities in the server system and network environment in a timely manner. Therefore, you need to use thirdparty software to help more people identify and detect the vulnerabilities in the network environment and system and develop corresponding solutions according to the identification of the software. Fifth, data should be backed up and restored. Data stored on devices and platforms may be lost due to improper operation or illegal intrusion. Therefore, complete data and backup and restore strategies should be developed to ensure data integrity. Sixthly, provide network security services, comprehensively analyze and study the network structure according to the needs of network operation, and formulate a management scheme that can ensure the network operation, so as to ensure the security performance of the network environment.

System design and implementation
By analyzing the network structure of the school, we can know that the network system of the school needs to master the information of the general campus, sub-campus, and each directly affiliated area, and the main structure is the distributed network structure. During the operation of the network system, the communication between the LAN of each sub-campus needs to be carried out between the insecure public networks. According to the characteristics of the school network system structure, cloud data and intrusion detection algorithms can be used to improve the security of its data management. In order to ensure the centralized management of data, this paper combines the characteristics of the campus network with the design model in the process of analysis and research and uses cloud data and intrusion detection algorithms to centrally manage the data. After the model is built, cloud data, firewall establishment, anti-virus software installation, and intrusion detection system are combined in the model to build a layer-by-layer defense system from system peripheral protection, data transmission layer protection to system core host protection. This algorithm is also the main technical support to maintain the safe operation of the network system. This algorithm can be used to establish a strong security defense mechanism for the network platform and network system.
By analyzing the development of the big data era, we can know that the most likely problem for data transmission and information exchange in cyberspace is security, and protecting the security of network systems is an important task for the development of the big data era. This paper analyzes the network intrusion detection system based on expert system and artificial neural network according to the characteristics of network security problems. The structure of this system is shown in Fig. 4.
In the operation of campus network, intrusion detection system is used to ensure the security of network environment, and combined with cloud database, expert system, and artificial neural network technology to improve the performance of network intrusion detection system, providing technical support for the accuracy of system detection of external attacks and internal operational errors, which can make up for the limitations of traditional network security defense measures and make the operation of campus network more reliable and safe. The technology of network security detection is advancing, and the technology of network intruders is also advancing. Intrusion behaviors and methods will become more and more complex and diverse. In the future work process, it is important to improve the security performance of the intrusion detection system, combine different types of network management software to monitor the network environment, and improve the security performance of the campus network security protection system.

System test and analysis
There are many servers related to the website in the campus network structure. Among these servers, the server in the information center needs to process the largest amount of data, and the data faces the largest security risk. Therefore, the server is taken as the test object of system performance. The server is IBM System x3650M2 (794712C). Figure 5 shows that when the gateway is attacked, The flowchart of the gateway after the intrusion detection system is turned on.
This paper analyzes the response of the system when the intrusion detection system is started and the response of the system when the intrusion detection system is not started. The specific results are shown in Table 4.
It can be seen from the above data that if the intrusion detection system is not started in the event of an attack, the gateway traffic is that after the intrusion detection system is started, the system can detect the peripheral and internal intrusion in time and conduct defense. According to the experiments and tests, the campus network security defense model machine combining intrusion detection system and firewall can detect known intrusion behaviors and also can detect some unknown intrusion situations and can develop and take effective defense measures according to the intrusion situation to ensure the safe operation of the campus network.

Conclusion
According to the specific analysis, the arrival of the cloud data era has brought problems to the network environment, such as virus propagation, file information theft and destruction, massive leakage of user privacy, and threats to data storage. Although these problems have corresponding coping strategies, they can only deal with individual problems. In the operation process of the network platform, the way and source of users of the network platform to obtain information is the main reason for network information security problems. To ensure that users' interests are not damaged, a secure network protection mechanism must be established. In the process of establishing the security mechanism, the maintenance personnel of the network system are the main body controlling the operation of the security mechanism and are the guarantee of the operation of the network security mechanism. The management layer of the security detection system can be divided into several parts, namely the users of the network platform, the managers of the network operation, the merchants who provide various network information, the saboteurs and attackers who pose threats to the network system. According to the form and characteristics of the current network security problems, combined with the characteristics of the campus network structure and the use needs, this paper uses the intrusion detection system to improve the efficiency of the campus network security management and combines the intrusion detection system with the traditional network security strategies and defense measures to build a protective barrier for the safe operation of the campus network. According to the test results, it is correct to combine the intrusion detection system and firewall to improve the performance of campus network security. The two can cooperate in the process of ensuring network security, and the intrusion detection system can also make up for the shortcomings of the firewall. In the future work, we still need to continue to analyze the characteristics of network information security, combine modern advanced network security technology to improve the effect of network security defense, provide security for the network environment, and try to avoid the possible security problems of network information, so that it can be effectively controlled.
Funding This paper was supported by Science and Technology Project of Jiangxi Provincial Department of Education: Research on data governance and application based on campus data center (GJJ209932).
Data availability Data will be made available on request.

Declarations
Conflict of interest The authors declare that they have no conflict of interests.
Ethical approval This article does not contain any studies with human participants performed by any of the authors.