CNN-GRU-FF: a double-layer feature fusion-based network intrusion detection system using convolutional neural network and gated recurrent units

Yakubu Imrana,Yanping Xiang,Liaqat Ali,Adeeb Noor,Kwabena Sarpong,Muhammed Amin Abdullah
DOI: https://doi.org/10.1007/s40747-023-01313-y
IF: 6.7
2024-02-02
Complex & Intelligent Systems
Abstract:Abstract Identifying and preventing malicious network behavior is a challenge for establishing a secure network communication environment or system. Malicious activities in a network system can seriously threaten users’ privacy and potentially jeopardize the entire network infrastructure and functions. Furthermore, cyber-attacks have grown in complexity and number due to the ever-evolving digital landscape of computer and network devices in recent years. Analyzing network traffic using network intrusion detection systems (NIDSs) has become an integral security measure in modern networks to identify malicious and suspicious activities. However, most intrusion detection datasets contain imbalance classes, making it difficult for most existing classifiers to achieve good performance. In this paper, we propose a double-layer feature extraction and feature fusion technique (CNN-GRU-FF), which uses a modified focal loss function instead of the traditional cross-entropy to handle the class imbalance problem in the IDS datasets. We use the NSL-KDD and UNSW-NB15 datasets to evaluate the effectiveness of the proposed model. From the research findings, it is evident our CNN-GRU-FF method obtains a detection rate of 98.22% and 99.68% using the UNSW-NB15 and NSL-KDD datasets, respectively while maintaining low false alarm rates on both datasets. We compared the proposed model’s performance with seven baseline algorithms and other published methods in literature. It is evident from the performance results that our proposed method outperforms the state-of-the-art network intrusion detection methods.
computer science, artificial intelligence
What problem does this paper attempt to address?
The problem that this paper attempts to solve is how to effectively identify and prevent malicious network behaviors in Network Intrusion Detection Systems (NIDS). Specifically, in view of the problem of class imbalance in existing intrusion detection datasets, the paper proposes a two - layer feature fusion technique (CNN - GRU - FF) based on Convolutional Neural Network (CNN) and Gated Recurrent Unit (GRU). This method aims to improve the accuracy of network intrusion detection by fusing spatial and temporal features and uses the modified focal loss function to deal with the class imbalance problem in the dataset. ### Main contributions of the paper: 1. **Proposed a new two - stage feature extraction method**: This method effectively utilizes the advantages of CNN and RNN through feature fusion, combines the learning of spatial and temporal features, and improves the robustness of network intrusion detection. 2. **Solved the class imbalance problem in intrusion detection datasets**: By using the modified focal loss function, the accuracy of the proposed CNN - GRU - FF NIDS method is further improved. 3. **For the first time, proposed a method of combining spatial and temporal feature fusion with the modified focal loss function in NIDS**. 4. **Verified the effectiveness of the CNN - GRU - FF NIDS method through extensive experiments**: The experimental results show that the detection rates of this method on the NSL - KDD and UNSW - NB15 datasets reach 99.68% and 98.22% respectively, and maintain a low false positive rate, which is superior to existing NIDS methods. ### Problems solved: - **Class imbalance problem**: Most intrusion detection datasets have class imbalance situations, which make it difficult for traditional classifiers to achieve good performance. The paper effectively alleviates this problem by using the modified focal loss function. - **Insufficient feature extraction**: Traditional CNN and RNN may not be able to fully capture the key spatial and temporal features in network intrusion detection. The paper improves the detection performance of the model by combining the spatial feature extraction ability of CNN and the temporal feature extraction ability of GRU through the two - layer feature fusion technique. ### Experimental verification: - **Datasets**: The paper uses two well - known intrusion detection datasets, NSL - KDD and UNSW - NB15, to evaluate the proposed method. - **Performance indicators**: Mainly focus on the detection rate and false positive rate. The experimental results show that the proposed method performs excellently in both indicators and is superior to other existing methods. In conclusion, through proposing an innovative two - layer feature fusion technique and an improved loss function, this paper effectively solves the key problems in network intrusion detection and improves the accuracy and robustness of detection.