Novel Approach to Intrusion Detection: Introducing GAN-MSCNN-BILSTM with LIME Predictions

Asmaa Benchama, Khalid Zebbara
DOI: https://doi.org/10.56294/dm2023202
2024-06-08
Abstract: This paper introduces an innovative intrusion detection system that harnesses Generative Adversarial Networks (GANs), Multi-Scale Convolutional Neural Networks (MSCNNs), and Bidirectional Long Short-Term Memory (BiLSTM) networks, supplemented by Local Interpretable Model-Agnostic Explanations (LIME) for interpretability. Employing a GAN, the system generates realistic network traffic data, encompassing both normal and attack patterns. This synthesized data is then fed into an MSCNN-BiLSTM architecture for intrusion detection. The MSCNN layer extracts features from the network traffic data at different scales, while the BiLSTM layer captures temporal dependencies within the traffic sequences. Integration of LIME allows for explaining the model's decisions. Evaluation on the Hogzilla dataset, a standard benchmark, showcases an impressive accuracy of 99.16% for multi-class classification and 99.10% for binary classification, while ensuring interpretability through LIME. This fusion of deep learning and interpretability presents a promising avenue for enhancing intrusion detection systems by improving transparency and decision support in network security.
Cryptography and Security, Artificial Intelligence, Networking and Internet Architecture
What problem does this paper attempt to address?
The problem this paper attempts to solve is improving detection accuracy and interpretability in network intrusion detection systems (IDS). Specifically, the paper proposes a new deep-learning method that combines generative adversarial networks (GAN), multi-scale convolutional neural networks (MSCNN) and bidirectional long short-term memory networks (BiLSTM), and enhances the transparency and decision-support capabilities of the model through the Local Interpretable Model-agnostic Explanations (LIME) technique.

### Main Problems and Solutions

1. **Improve Detection Accuracy**:
   - **GAN-Generated Data**: Use a GAN to generate realistic network traffic data containing normal and attack patterns, to address the class imbalance problem in the dataset and enhance the model's ability to detect rare intrusions.
   - **MSCNN Feature Extraction**: Extract features at different scales from network traffic data through multi-scale convolutional neural networks (MSCNN) to capture multi-level complex patterns and anomalies.
   - **BiLSTM Captures Temporal Dependencies**: Employ bidirectional long short-term memory networks (BiLSTM) to capture temporal dependencies in network traffic sequences, improving the model's ability to analyze sequential and temporal events.
2. **Enhance Model Interpretability**:
   - **LIME Explains Model Decisions**: Integrate the LIME technique to provide explanations for model classifications, helping security analysts understand the key features in network traffic, thereby improving the system's transparency and decision-support capabilities.

### Experimental Results

The method was evaluated on the Hogzilla dataset. The results show that it achieved an accuracy of 99.16% in multi-class classification tasks and 99.10% in binary classification tasks, while ensuring the interpretability provided by LIME.

### Summary

This paper proposes an innovative intrusion detection system that fuses deep-learning and interpretability techniques. It improves detection accuracy and also enhances the system's transparency and decision-support capabilities, providing a new research direction for network security.