Congyuan Xu,Jizhong Shen,Xin Du,Fan Zhang

DOI: https://doi.org/10.1109/access.2018.2867564

IF: 3.9

2018-01-01

IEEE Access

Abstract:To improve the performance of network intrusion detection systems (IDS), we applied deep learning theory to intrusion detection and developed a deep network model with automatic feature extraction. In this paper, we consider the characteristics of the time-related intrusion and propose a novel IDS that consists of a recurrent neural network with gated recurrent units (GRU), multilayer perceptron (MLP), and softmax module. Experiments on the well-known KDD 99 and NSL-KDD data sets show that the system has leading performance. The overall detection rate was 99.42% using KDD 99 and 99.31% using NSL-KDD with false positive rates as low as 0.05% and 0.84%, respectively. In particular, for detecting the denial of service attacks, the system achieved detection rates of 99.98% and 99.55%, respectively. Comparative experiments showed that the GRU is more suitable as a memory unit for IDS than LSTM, and proved that it is an effective simplification and improvement of LSTM. Moreover, the bidirectional GRU can reach the best performance compared with the recently published methods.

Haonan Peng,Chunming Wu,Yanfeng Xiao

DOI: https://doi.org/10.3390/app132111629

2023-01-01

Applied Sciences

Abstract:The importance of network security has become increasingly prominent due to the rapid development of network technology. Network intrusion detection systems (NIDSs) play a crucial role in safeguarding networks from malicious attacks and intrusions. However, the issue of class imbalance in the dataset presents a significant challenge to NIDSs. In order to address this concern, this paper proposes a new NIDS called CBF-IDS, which combines convolutional neural networks (CNNs) and bidirectional long short-term memory networks (BiLSTMs) while employing the focal loss function. By utilizing CBF-IDS, spatial and temporal features can be extracted from network traffic. Moreover, during model training, CBF-IDS applies the focal loss function to give more weight to minority class samples, thereby mitigating the impact of class imbalance on model performance. In order to evaluate the effectiveness of CBF-IDS, experiments were conducted on three benchmark datasets: NSL-KDD, UNSW-NB15, and CIC-IDS2017. The experimental results demonstrate that CBF-IDS outperforms other classification models, achieving superior detection performance.

Ke Cao,Jinqi Zhu,Weijia Feng,Chunmei Ma,Ming Liu,Tian Du

DOI: https://doi.org/10.1109/iwcmc51323.2021.9498652

2021-01-01

Abstract:With the rapid development of the Internet of Things (IoT), the continuous emergence of cyberattacks have brought great threat to the security of the network. Intrusion Detection System (IDS) which can identify malicious network attacks has become a strong tool to ensure network security. Many deep learning-based approaches have been used in IDS. However, most of these researches ignore the internal structural characteristics of the network traffic, and cannot accurately learn the key features of the malicious traffic. Thus, they have a low accuracy in classifying different kinds of network attacks. In this paper, we build an intrusion detection model DAL (Dense-Attention-LSTM, DAL), in which dense dilated convolutions is used to extract the underlying features of the network traffic. Then, attention mechanism is utilized to capture key features which represent the structural characteristics of traffic data. Moreover, CuDNN-based long short-term memory network is used to learn time-related information of the traffic while accelerating the convergence of the model. Finally, global maxpooling is adopted to compress data and to improve the generalization capabilities of the proposed model. Experimental results on UNSW-NB15 dataset show that the binary classification accuracy of the proposed model is up to 92.65%. Further, it can also identify various attacks with the accuracy of 81.28%. The performance of our model is better than some competing machine learning methods and some deep learning methods. We published our code at https://github.co-m/cKiNg37/IDS-model-DAL.

Yung-Chung Wang,Yi-Chun Houng,Han-Xuan Chen,Shu-Ming Tseng

DOI: https://doi.org/10.3390/s23042171

IF: 3.9

2023-02-16

Sensors

Abstract:The prevalence of internet usage leads to diverse internet traffic, which may contain information about various types of internet attacks. In recent years, many researchers have applied deep learning technology to intrusion detection systems and obtained fairly strong recognition results. However, most experiments have used old datasets, so they could not reflect the latest attack information. In this paper, a current state of the CSE-CIC-IDS2018 dataset and standard evaluation metrics has been employed to evaluate the proposed mechanism. After preprocessing the dataset, six models—deep neural network (DNN), convolutional neural network (CNN), recurrent neural network (RNN), long short-term memory (LSTM), CNN + RNN and CNN + LSTM—were constructed to judge whether network traffic comprised a malicious attack. In addition, multi-classification experiments were conducted to sort traffic into benign traffic and six categories of malicious attacks: BruteForce, Denial-of-service (DoS), Web Attacks, Infiltration, Botnet, and Distributed denial-of-service (DDoS). Each model showed a high accuracy in various experiments, and their multi-class classification accuracy were above 98%. Compared with the intrusion detection system (IDS) of other papers, the proposed model effectively improves the detection performance. Moreover, the inference time for the combinations of CNN + RNN and CNN + LSTM is longer than that of the individual DNN, RNN and CNN. Therefore, the DNN, RNN and CNN are better than CNN + RNN and CNN + LSTM for considering the implementation of the algorithm in the IDS device.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Bo Cao,Chenghai Li,Yafei Song,Yueyi Qin,Chen Chen

DOI: https://doi.org/10.3390/app12094184

2022-04-21

Applied Sciences

Abstract:A network intrusion detection model that fuses a convolutional neural network and a gated recurrent unit is proposed to address the problems associated with the low accuracy of existing intrusion detection models for the multiple classification of intrusions and low accuracy of class imbalance data detection. In this model, a hybrid sampling algorithm combining Adaptive Synthetic Sampling (ADASYN) and Repeated Edited nearest neighbors (RENN) is used for sample processing to solve the problem of positive and negative sample imbalance in the original dataset. The feature selection is carried out by combining Random Forest algorithm and Pearson correlation analysis to solve the problem of feature redundancy. Then, the spatial features are extracted by using a convolutional neural network, and further extracted by fusing Averagepooling and Maxpooling, using attention mechanism to assign different weights to the features, thus reducing the overhead and improving the model performance. At the same time, a Gated Recurrent Unit (GRU) is used to extract the long-distance dependent information features to achieve comprehensive and effective feature learning. Finally, a softmax function is used for classification. The proposed intrusion detection model is evaluated based on the UNSW_NB15, NSL-KDD, and CIC-IDS2017 datasets, and the experimental results show that the classification accuracy reaches 86.25%, 99.69%, 99.65%, which are 1.95%, 0.47% and 0.12% higher than that of the same type of CNN-GRU, and can solve the problems of low classification accuracy and class imbalance well.

Kai Jin,Lei Zhang,Yujie Zhang,Duo Sun,Xiaoyuan Zheng

DOI: https://doi.org/10.3390/electronics12204329

IF: 2.9

2023-10-19

Electronics

Abstract:The current mainstream intrusion detection models often have a high false negative rate, significantly affecting intrusion detection systems' (IDSs) practicability. To address this issue, we propose an intrusion detection model based on a multi-scale one-dimensional convolutional neural network module (MS1DCNN), an efficient channel attention module (ECA), and two bidirectional long short-term memory modules (BiLSTMs). The proposed hybrid MS1DCNN-ECA-BiLSTM model uses the MS1DCNN module to extract features with a different granularity from the input data and uses the ECA module to enhance the weight of important features. Finally, the model carries out sequence learning through two BiLSTM layers. We use the dung beetle optimizer (DBO) to optimize the hyperparameters in the model to obtain better classification results. Additionally, we use the synthetic minority oversampling technique (SMOTE) to fill several samples to reduce the local false negative rate. In this paper, we train and test the model using accurate network data from a water storage industrial control system. In the multi-classification experiment, the model's accuracy was 97.04%, the precision was 97.17%, and the false negative rate was 2.95%; in the binary classification experiment, the accuracy and false negative rate were 99.30% and 0.7%. Compared with other mainstream methods, our model has a higher score. This study provides a new algorithm for the intrusion detection of industrial control systems.

engineering, electrical & electronic,computer science, information systems,physics, applied

Alla Abd El-Rady,Rowayda Sadik,Hesham El Badwy,Heba Osama

DOI: https://doi.org/10.1109/NRSC58893.2023.10152872

2023-05-30

Abstract:Network intrusion detection has an important role in providing security to networks and computer systems. It applies different artificial intelligence technologies in order to improve performance against various cyber-attacks. Applying Deep Learning (DL) techniques has a considerable impact compared to using traditional Machine Learning (ML) methods. Recently, Convolutional Neural Network (CNN) has been widely used by researchers to enhance Intrusion Detection Systems (IDSs). This paper aims to build a customized CNN model to improve the accuracy of IDSs. The study involves comparing the results obtained from the proposed CNN model with those obtained from Random Forest which is a well-known machine learning technique utilized frequently in IDSs. The performance of both models was evaluated using standard measurements such as accuracy and F-measure. Two datasets were used, UNSW-NB15 and CSE-CICIDS2018, to demonstrate the efficacy of our proposed model. The proposed CNN model achieved better results than the Random Forest algorithm. A comparison with existing recent IDSs was carried out. The result of this study provides insights and proves the effectiveness of using CNNs for IDSs and helps in identifying the best approach for building efficient and accurate CNN based IDSs with the accuracy of 99.18% using CSE-CICIDS2018 dataset and 99.70% using UNSW-NB15 dataset.

Engineering,Computer Science

Yakubu Imrana,Yanping Xiang,Liaqat Ali,Adeeb Noor,Kwabena Sarpong,Muhammed Amin Abdullah

DOI: https://doi.org/10.1007/s40747-023-01313-y

IF: 6.7

2024-02-02

Complex & Intelligent Systems

Abstract:Abstract Identifying and preventing malicious network behavior is a challenge for establishing a secure network communication environment or system. Malicious activities in a network system can seriously threaten users’ privacy and potentially jeopardize the entire network infrastructure and functions. Furthermore, cyber-attacks have grown in complexity and number due to the ever-evolving digital landscape of computer and network devices in recent years. Analyzing network traffic using network intrusion detection systems (NIDSs) has become an integral security measure in modern networks to identify malicious and suspicious activities. However, most intrusion detection datasets contain imbalance classes, making it difficult for most existing classifiers to achieve good performance. In this paper, we propose a double-layer feature extraction and feature fusion technique (CNN-GRU-FF), which uses a modified focal loss function instead of the traditional cross-entropy to handle the class imbalance problem in the IDS datasets. We use the NSL-KDD and UNSW-NB15 datasets to evaluate the effectiveness of the proposed model. From the research findings, it is evident our CNN-GRU-FF method obtains a detection rate of 98.22% and 99.68% using the UNSW-NB15 and NSL-KDD datasets, respectively while maintaining low false alarm rates on both datasets. We compared the proposed model’s performance with seven baseline algorithms and other published methods in literature. It is evident from the performance results that our proposed method outperforms the state-of-the-art network intrusion detection methods.

computer science, artificial intelligence

R Vinayakumar,KP Soman,Prabaharan Poornachandran,K P Soman

DOI: https://doi.org/10.1109/icacci.2017.8126009

2017-09-01

Abstract:Recently, Convolutional neural network (CNN) architectures in deep learning have achieved significant results in the field of computer vision. To transform this performance toward the task of intrusion detection (ID) in cyber security, this paper models network traffic as time-series, particularly transmission control protocol/internet protocol (TCP/IP) packets in a predefined time range with supervised learning methods such as multi-layer perceptron (MLP), CNN, CNN-recurrent neural network (CNN-RNN), CNN-long short-term memory (CNN-LSTM) and CNN-gated recurrent unit (GRU), using millions of known good and bad network connections. To measure the efficacy of these approaches we evaluate on the most important synthetic ID data set such as KDDCup 99. To select the optimal network architecture, comprehensive analysis of various MLP, CNN, CNN-RNN, CNN-LSTM and CNN-GRU with its topologies, network parameters and network structures is used. The models in each experiment are run up to 1000 epochs with learning rate in the range [0.01-05]. CNN and its variant architectures have significantly performed well in comparison to the classical machine learning classifiers. This is mainly due to the reason that CNN have capability to extract high level feature representations that represents the abstract form of low level feature sets of network traffic connections.

Chia-Ming Hsu,Muhammad Zulfan Azhari,He-Yen Hsieh,Setya Widyawan Prakosa,Jenq-Shiou Leu

DOI: https://doi.org/10.1007/s11036-020-01623-2

2020-07-21

Mobile Networks and Applications

Abstract:The intrusion detection system (IDS) is a crucial part in the network administration system to detect some types of cyber attack. IDS is categorized as a classifying machine thus it is likely to engage with the machine learning schemes. Many studies have demonstrated how to apply machine learning schemes to IDS even though they cannot provide optimum results. To tackle this issue, deep learning schemes can be considered as the solution due to its achievement in several fields. Therefore, in this study, we propose a deep learning model which is constructed based on convolutional neural network (CNN) layers and using Long-Short Term Memory (LSTM) layers called CNN-LSTM to classify every single traffic network. We use NSL-KDD dataset as the benchmark thus we can compare the performance of our proposed method with other existing works. This dataset includes two testing sets which are the first one is <i>K</i><i>D</i><i>D</i><i>T</i><i>e</i><i>s</i><i>t</i>⁺ while the second one is <i>K</i><i>D</i><i>D</i><i>T</i><i>e</i><i>s</i><i>t</i>^− 21 which is more difficult to be classified. The results show that our proposed method outperforms other existing works.

computer science, information systems,telecommunications, hardware & architecture

Feng Cui,Mingdi Xu,Bo Xie,Chaoyang Jin,Zhengxiao Li,Haipeng Fan

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603260

2024-04-19

Abstract:Intrusion Detection Systems (IDS) play a crucial role in safeguarding network security perimeters by monitoring network traffic and system behavior in real time. The advent of deep learning, particularly through the application of Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks, has significantly enhanced IDS's ability to detect network threats by leveraging autonomous learning and generalization capabilities. However, deep learning-based IDSs encounter challenges, including the necessity for extensive data labeling and the computational resources required, which pose obstacles to their widespread adoption and effectiveness. Nonetheless, deep learning-based IDS encounter challenges, including the requirement for extensive labeled datasets and significant computational resources. This paper proposes a novel hybrid IDS framework — HDCBAN that integrates deep convolutional neural networks, bidirectional LSTM networks, and the AlexNet model to efficiently predict and classify malicious network activities. The HDCBAN model employs deep CNNs to capture local features through convolution, bidirectional LSTMs to seize temporal features for enhanced performance and prediction capabilities, and AlexNet to augment classification efficacy through feature extraction. The effectiveness of this hybrid approach was assessed using real-world datasets, including the publicly available CSE-CIC-IDS 2017, CSE-CIC-IDS 2018, and NSL-KDD datasets, with preprocessing to optimize model performance. Experimental results, validated through 10-fold cross-validation, reveal that our model achieves a malicious attack detection rate and accuracy of up to 99.88% for CSE-CIC-IDS and 99.93% for NSL-KDD, thereby outperforming existing models in detection rate, accuracy, and reducing false positives.

Computer Science,Engineering

Longlong Li,Yuliang Lu,Guozheng Yang,Xuehu Yan

DOI: https://doi.org/10.3390/s24072122

IF: 3.9

2024-03-27

Sensors

Abstract:The network intrusion detection system (NIDS) plays a crucial role as a security measure in addressing the increasing number of network threats. The majority of current research relies on feature-ready datasets that heavily depend on feature engineering. Conversely, the increasing complexity of network traffic and the ongoing evolution of attack techniques lead to a diminishing distinction between benign and malicious network behaviors. In this paper, we propose a novel end-to-end intrusion detection framework based on a contrastive learning approach. We design a hierarchical Convolutional Neural Network (CNN) and Gated Recurrent Unit (GRU) model to facilitate the automated extraction of spatiotemporal features from raw traffic data. The integration of contrastive learning amplifies the distinction between benign and malicious network traffic in the representation space. The proposed method exhibits enhanced detection capabilities for unknown attacks in comparison to the approaches trained using the cross-entropy loss function. Experiments are carried out on the public datasets CIC-IDS2017 and CSE-CIC-IDS2018, demonstrating that our method can attain a detection accuracy of 99.9% for known attacks, thus achieving state-of-the-art performance. For unknown attacks, a weighted recall rate of 95% can be achieved.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jay Sinha,M. Manollas

DOI: https://doi.org/10.1145/3430199.3430224

2020-06-26

Abstract:The need for Network Intrusion Detection systems has risen since usage of cloud technologies has become mainstream. With the ever growing network traffic, Network Intrusion Detection is a critical part of network security and a very efficient NIDS is a must, given new variety of attack arises frequently. These Intrusion Detection systems are built on either a pattern matching system or AI/ML based anomaly detection system. Pattern matching methods usually have a high False Positive Rates whereas the AI/ML based method, relies on finding metric/feature or correlation between set of metrics/features to predict the possibility of an attack. The most common of these is KNN, SVM etc., operate on a limited set of features and have less accuracy and still suffer from higher False Positive Rates. In this paper, we propose a deep learning model combining the distinct strengths of a Convolutional Neural Network and a Bi-directional LSTM to incorporate learning of spatial and temporal features of the data. For this paper, we use publicly available datasets NSL-KDD and UNSW-NB15 to train and test the model. The proposed model offers a high detection rate and comparatively lower False Positive Rate. The proposed model performs better than many state-of-the-art Network Intrusion Detection systems leveraging Machine Learning/Deep Learning models.

Asmaa Halbouni,Teddy Surya Gunawan,Mohamed Hadi Habaebi,Murad Halbouni,Mira Kartiwi,Robiah Ahmad

DOI: https://doi.org/10.1109/access.2022.3206425

IF: 3.9

2022-09-30

IEEE Access

Abstract:Network security becomes indispensable to our daily interactions and networks. As attackers continue to develop new types of attacks and the size of networks continues to grow, the need for an effective intrusion detection system has become critical. Numerous studies implemented machine learning algorithms to develop an effective IDS; however, with the advent of deep learning algorithms and artificial neural networks that can generate features automatically without human intervention, researchers began to rely on deep learning. In our research, we took advantage of the Convolutional Neural Network's ability to extract spatial features and the Long Short-Term Memory Network's ability to extract temporal features to create a hybrid intrusion detection system model. We added batch normalization and dropout layers to the model to increase its performance. Based on the binary and multiclass classification, the model was trained using three datasets: CIC-IDS 2017, UNSW-NB15, and WSN-DS. The confusion matrix determines the system's effectiveness, which includes evaluation criteria such as accuracy, precision, detection rate, F1-score, and false alarm rate (FAR). The effectiveness of the proposed model was demonstrated by experimental results showing a high detection rate, high accuracy, and a relatively low FAR.

Muhammad Basit Umair,Zeshan Iqbal,Muhammad Ahmad Faraz,Muhammad Attique Khan,Yu-Dong Zhang,Navid Razmjooy,Sefedine Kadry

DOI: https://doi.org/10.1089/big.2021.0268

IF: 4.426

2022-06-16

Big Data

Abstract:An intrusion detection system (IDS) is designed to detect and analyze network traffic for suspicious activity. Several methods have been introduced in the literature for IDSs; however, due to a large amount of data, these models have failed to achieve high accuracy. A statistical approach is proposed in this research due to the unsatisfactory results of traditional intrusion detection methods. The features are extracted and selected using a multilayer convolutional neural network, and a softmax classifier is employed to classify the network intrusions. To perform further analysis, a multilayer deep neural network is also applied to classify network intrusions. Furthermore, the experiments are performed using two commonly used benchmark intrusion detection datasets: NSL-KDD and KDDCUP'99. The performance of the proposed model is evaluated using four performance metrics: accuracy, recall, F1-score, and precision. The experimental results show that the proposed approach achieved better accuracy (99%) compared with other IDSs.

computer science, theory & methods, interdisciplinary applications

S. Kanumalli,L. K,Rajeswari A,Tejaswi M,Samyuktha P

DOI: https://doi.org/10.1109/ICAIS56108.2023.10073719

2023-02-02

Abstract:As cloud technologies are used more frequently, network intrusion detection systems are becoming increasingly well-liked. Due to ever-increasing network traffic and the regular emergence of new types of assaults, Network Intrusion Detection (NIDS) came into existence as a key aspect of network security and must be extremely effective. These kind of IDS systems employ either an anomaly detection system based on machine learning or a system for matching patterns. The False Positive Rate for pattern matching approaches is high, but AI/ML-based systems determine the possibility of an attack by identifying a metric or characteristic or a connection between a number of metrics or characteristics. The most popular models include KNN, SVM, and others, they only work on a small range of traits, are not very accurate, and have a high False Positive Rate. This study created a deep learning system to learn the temporal and spatial data properties using the advantages of CNN and Bidirectional LSTM. The system present in this paper is trained and analyzed using the openly available dataset NSL-KDD. The proposed model has a high rate of detection and a low incidence of false positives. A lot of cutting-edge Network Intrusion Detection systems that use Machine Learning/Deep Learning models perform better than the suggested model.

Engineering,Computer Science

Muhammad Ashfaq Khan

DOI: https://doi.org/10.3390/pr9050834

IF: 3.5

2021-05-10

Processes

Abstract:Nowadays, network attacks are the most crucial problem of modern society. All networks, from small to large, are vulnerable to network threats. An intrusion detection (ID) system is critical for mitigating and identifying malicious threats in networks. Currently, deep learning (DL) and machine learning (ML) are being applied in different domains, especially information security, for developing effective ID systems. These ID systems are capable of detecting malicious threats automatically and on time. However, malicious threats are occurring and changing continuously, so the network requires a very advanced security solution. Thus, creating an effective and smart ID system is a massive research problem. Various ID datasets are publicly available for ID research. Due to the complex nature of malicious attacks with a constantly changing attack detection mechanism, publicly existing ID datasets must be modified systematically on a regular basis. So, in this paper, a convolutional recurrent neural network (CRNN) is used to create a DL-based hybrid ID framework that predicts and classifies malicious cyberattacks in the network. In the HCRNNIDS, the convolutional neural network (CNN) performs convolution to capture local features, and the recurrent neural network (RNN) captures temporal features to improve the ID system’s performance and prediction. To assess the efficacy of the hybrid convolutional recurrent neural network intrusion detection system (HCRNNIDS), experiments were done on publicly available ID data, specifically the modern and realistic CSE-CIC-DS2018 data. The simulation outcomes prove that the proposed HCRNNIDS substantially outperforms current ID methodologies, attaining a high malicious attack detection rate accuracy of up to 97.75% for CSE-CIC-IDS2018 data with 10-fold cross-validation.

engineering, chemical

Jevgenijus Toldinas,Algimantas Venčkauskas,Robertas Damaševičius,Šarūnas Grigaliūnas,Nerijus Morkevičius,Edgaras Baranauskas

DOI: https://doi.org/10.3390/electronics10151854

IF: 2.9

2021-08-01

Electronics

Abstract:The current rise in hacking and computer network attacks throughout the world has heightened the demand for improved intrusion detection and prevention solutions. The intrusion detection system (IDS) is critical in identifying abnormalities and assaults on the network, which have grown in size and pervasiveness. The paper proposes a novel approach for network intrusion detection using multistage deep learning image recognition. The network features are transformed into four-channel (Red, Green, Blue, and Alpha) images. The images then are used for classification to train and test the pre-trained deep learning model ResNet50. The proposed approach is evaluated using two publicly available benchmark datasets, UNSW-NB15 and BOUN Ddos. On the UNSW-NB15 dataset, the proposed approach achieves 99.8% accuracy in the detection of the generic attack. On the BOUN DDos dataset, the suggested approach achieves 99.7% accuracy in the detection of the DDos attack and 99.7% accuracy in the detection of the normal traffic.

engineering, electrical & electronic,computer science, information systems,physics, applied

Brandon Bowen,Anitha Chennamaneni,Ana Goulart,Daisy Lin

DOI: https://doi.org/10.1007/s10207-023-00663-5

2023-03-03

International Journal of Information Security

Abstract:Intrusion detection systems (IDS) identify cyber attacks given a sample of network traffic collected from real-world computer networks. As a powerful classification tool, deep learning (DL) models have been used as IDSs. Although most models achieve high accuracy, they may not always detect underrepresented attacks. Also, their accuracy depends on the dataset, its features, and the proportion of samples. This paper proposes BLoCNet, a hybrid DL model that combines convolutional neural network (CNN) and bidirectional long short-term memory (BLSTM) layers. CNN allows the IDS to recognize patterns in the features of the network data in a fast computation time. The results are sent to two BLSTM layers, which capitalize on the forward and backward propagation of data to identify malicious traffic. BLoCNet was evaluated against four datasets, and its results compared with five DL models and seven related studies. BLoCNet had a higher attack detection rate for CIC-IDS2017, IoT-23 and UNSW-NB15 than the five DL models. For CIC-IDS2017 and IoT-23 datasets, BLoCNet had an accuracy of 98% and 99%, which is similar performance as related studies, albeit not an exact comparison due to different sampling approaches. For the original UNSW-NB15 dataset, BLoCNet had an accuracy of 76.34% vs. 75.56% of related work. These results demonstrate that BLoCNet performed well across various datasets and confirms that its hybrid model provides good detection results.

computer science, information systems, theory & methods, software engineering

Lalin Heng,Thomas Weise

DOI: https://doi.org/10.1109/iccicc46617.2019.9146088

2019-01-01

Abstract:Network security is becoming more and more vital in our world as the internet permeates both the industry and our private life. Today, the means of production are networked and controlled by intelligent manufacturing process and the majority of the people are constantly connected to information systems by using mobile phones. Intrusion detection systems (IDS) are software components which detect attacks and malicious attempts to gain access to networks. How to design such systems efficiently is a question of both practical and research interest. We propose and approach based on cognitive computing using deep learning for this purpose. Our method has two main advantages: It is highly efficient and accurate, yet it is simple, builds on existing standard software, and can easily be implemented and enriched with domain knowledge by an expert from computer security with little background in machine learning. Furthermore, with the parallelism and big data support of the platform, our method will also scale well with the size of the dataset available for training. In deep learning, Convolutional neural network (CNNs) have successfully been applied to a variety of classification tasks in various fields. They are also available in easily accessible and scalable standard frameworks such as TensorFlow. In this paper, we present an approach to constructing an IDS based on CNN. Network traffic is presented based on features of TCP/IP connections and the approach is trained based on known attack signatures. We evaluate this approach using the widely available NSLKDD dataset. We are able to achieve the accuracy, precision, recall and $F_{1}$ -score of 98.92%, 99.82%, 92.34%, and 96.34%, respectively. Based on its simplicity and these surprisingly good performance results, we can conclude that our approach is highly suitable for constructing IDS.