Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

Xuejiao Chen,Minyao Liu,Zixuan Wang,Yun Wang

DOI: https://doi.org/10.3390/s24165223

2024-08-12

Abstract:With the rapid advancement of the Internet of Things, network security has garnered increasing attention from researchers. Applying deep learning (DL) has significantly enhanced the performance of Network Intrusion Detection Systems (NIDSs). However, due to its complexity and "black box" problem, deploying DL-based NIDS models in practical scenarios poses several challenges, including model interpretability and being lightweight. Feature selection (FS) in DL models plays a crucial role in minimizing model parameters and decreasing computational overheads while enhancing NIDS performance. Hence, selecting effective features remains a pivotal concern for NIDSs. In light of this, this paper proposes an interpretable feature selection method for encrypted traffic intrusion detection based on SHAP and causality principles. This approach utilizes the results of model interpretation for feature selection to reduce feature count while ensuring model reliability. We evaluate and validate our proposed method on two public network traffic datasets, CICIDS2017 and NSL-KDD, employing both a CNN and a random forest (RF). Experimental results demonstrate superior performance achieved by our proposed method.

Chunyuan Wu,Aijuan Qian,Xiaoju Dong,Yanling Zhang

DOI: https://doi.org/10.1109/tase49443.2020.00019

2020-01-01

Abstract:Deep Learning models have demonstrated significant performance on different tasks such as computer vision, natural language processing, etc. In recent years, these models have also achieved remarkable progress in Intrusion Detection Systems. However, the mechanism of these models is often hard to understand, especially for researchers in the domain of network security. In this paper, we propose a visual analytics system for interpretable deep learning based intrusion detection. During the design of this visual analytics system, we follow the requirements and features of explainable artificial intelligence for users in the domain of network security. The system allows users to select the best parameters to construct the model, to better understand the role of neurons in a deep learning model, to select instances and explore the detection mechanism of the model on these instances. We present multiple use cases to demonstrate the effectiveness of our system.

Anbang Wang,Xinyu Gong,Jialiang Lu

DOI: https://doi.org/10.1109/smartcloud.2019.00028

2019-01-01

Abstract:With the development of network technology and the updating of intelligent networking devices, the variety of cyber attacks and the number of users being attacked are increasing. Intrusion Detection Systems (IDS) are commonly used in the field of network security to detect anomalous activity and behavior. Many previous works have achieved high detection accuracy on standard testing data sets by implementing mature Machine Learning (ML) algorithms. Inspired by the network ontology researches,, we propose two Long Short-Term Memory (LSTM) based IDSs with deep feature extraction: multi-class feature extraction IDS and dual-class feature extraction IDS. Through our experiments on the CICIDS2017 data set, we have found that multi-class feature extraction IDS can better identify the types of cyber attacks while the dual-class feature extraction IDS can better recall new attacks. We conclude that when the structure and characteristics of the classifier are limited, a reasonable selection of the feature extraction space can help improve the characteristics of the classifier and better achieve the downstream tasks in the security field.

Zhidong Wang,Yingxu Lai,Zenghui Liu,Jing Liu

DOI: https://doi.org/10.3390/s20143817

IF: 3.9

2020-07-08

Sensors

Abstract:Intrusion detection is only the initial part of the security system for an industrial control system. Because of the criticality of the industrial control system, professionals still make the most important security decisions. Therefore, a simple intrusion alarm has a very limited role in the security system, and intrusion detection models based on deep learning struggle to provide more information because of the lack of explanation. This limits the application of deep learning methods to industrial control network intrusion detection. We analyzed the deep neural network (DNN) model and the interpretable classification model from the perspective of information, and clarified the correlation between the calculation process of the DNN model and the classification process. By comparing the normal samples with the abnormal samples, the abnormalities that occur during the calculation of the DNN model compared to the normal samples could be found. Based on this, a layer-wise relevance propagation method was designed to map the abnormalities in the calculation process to the abnormalities of attributes. At the same time, considering that the data set may already contain some useful information, we designed filtering rules for a kind of data set that can be obtained at a low cost, so that the calculation result is presented in a more accurate manner, which should help professionals lock and address intrusion threats more quickly.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Congyuan Xu,Jizhong Shen,Xin Du,Fan Zhang

DOI: https://doi.org/10.1109/access.2018.2867564

IF: 3.9

2018-01-01

IEEE Access

Abstract:To improve the performance of network intrusion detection systems (IDS), we applied deep learning theory to intrusion detection and developed a deep network model with automatic feature extraction. In this paper, we consider the characteristics of the time-related intrusion and propose a novel IDS that consists of a recurrent neural network with gated recurrent units (GRU), multilayer perceptron (MLP), and softmax module. Experiments on the well-known KDD 99 and NSL-KDD data sets show that the system has leading performance. The overall detection rate was 99.42% using KDD 99 and 99.31% using NSL-KDD with false positive rates as low as 0.05% and 0.84%, respectively. In particular, for detecting the denial of service attacks, the system achieved detection rates of 99.98% and 99.55%, respectively. Comparative experiments showed that the GRU is more suitable as a memory unit for IDS than LSTM, and proved that it is an effective simplification and improvement of LSTM. Moreover, the bidirectional GRU can reach the best performance compared with the recently published methods.

Muhammad Naveed,Fahim Arif,Syed Muhammad Usman,Aamir Anwar,Myriam Hadjouni,Hela Elmannai,Saddam Hussain,Syed Sajid Ullah,Fazlullah Umar

DOI: https://doi.org/10.1155/2022/2215852

2022-08-10

Wireless Communications and Mobile Computing

Abstract:An intrusion detection system, often known as an IDS, is extremely important for preventing attacks on a network, violating network policies, and gaining unauthorized access to a network. The effectiveness of IDS is highly dependent on data preprocessing techniques and classification models used to enhance accuracy and reduce model training and testing time. For the purpose of anomaly identification, researchers have developed several machine learning and deep learning-based algorithms; nonetheless, accurate anomaly detection with low test and train times remains a challenge. Using a hybrid feature selection approach and a deep neural network- (DNN-) based classifier, the authors of this research suggest an enhanced intrusion detection system (IDS). In order to construct a subset of reduced and optimal features that may be used for classification, a hybrid feature selection model that consists of three methods, namely, chi square, ANOVA, and principal component analysis (PCA), is applied. These methods are referred to as "the big three." On the NSL-KDD dataset, the suggested model receives training and is then evaluated. The proposed method was successful in achieving the following results: a reduction of input data by 40%, an average accuracy of 99.73%, a precision score of 99.75%, an F1 score of 99.72%, and an average training and testing time of 138% and 2.7 seconds, respectively. The findings of the experiments demonstrate that the proposed model is superior to the performance of the other comparison approaches.

computer science, information systems,telecommunications,engineering, electrical & electronic

Tao Duan,Youhui Tian,Hanrui Zhang,Yaozong Liu,Qianmu Li,Jian Jiang,Zongsheng Shi

DOI: https://doi.org/10.1109/access.2020.2989498

IF: 3.9

2020-01-01

IEEE Access

Abstract:Intrusion detection technology, as an active and effective dynamic network defense technology, has rapidly become a hot research topic in the field of network security since it was proposed. However, current intrusion detection still faces some problems and challenges that affect its detection performance. Especially with the rapid development of the current network, the volume and dimension of network data are increasing day by day, and the network is full of a large number of unlabeled data, which brings great pressure on the data processing methods of IDS. In view of the tremendous pressure of intrusion detection brought by the current complex and high-dimensional network environment, this paper provides a feasible solution. Firstly, this paper briefly outlines the necessity of feature learning, the shortcomings of traditional feature learning methods and the new breakthroughs brought by deep belief network in feature learning, and focuses on the principle and working mechanism of deep belief network and Principal Component Analysis (PCA). Then, it constructs the intrusion detection model based on PCA-BP and DBN respectively. And through the experimental evaluation of the two detection models, a comparative experiment between deep belief network and principal component analysis is constructed. The experimental results show that deep belief network has unique advantages and good performance in feature learning. Therefore, deep belief network can be applied in the field of intrusion detection to extract effective features from the current high-dimensional and redundant network data, thereby improving the detection performance of IDS and its adaptability to the current complex and high-dimensional network environment.

Shraddha Mane,Dattaraj Rao

DOI: https://doi.org/10.48550/arXiv.2103.07110

2021-03-12

Abstract:Cybersecurity is a domain where the data distribution is constantly changing with attackers exploring newer patterns to attack cyber infrastructure. Intrusion detection system is one of the important layers in cyber safety in today's world. Machine learning based network intrusion detection systems started showing effective results in recent years. With deep learning models, detection rates of network intrusion detection system are improved. More accurate the model, more the complexity and hence less the interpretability. Deep neural networks are complex and hard to interpret which makes difficult to use them in production as reasons behind their decisions are unknown. In this paper, we have used deep neural network for network intrusion detection and also proposed explainable AI framework to add transparency at every stage of machine learning pipeline. This is done by leveraging Explainable AI algorithms which focus on making ML models less of black boxes by providing explanations as to why a prediction is made. Explanations give us measurable factors as to what features influence the prediction of a cyberattack and to what degree. These explanations are generated from SHAP, LIME, Contrastive Explanations Method, ProtoDash and Boolean Decision Rules via Column Generation. We apply these approaches to NSL KDD dataset for intrusion detection system and demonstrate results.

Cryptography and Security,Artificial Intelligence

Pengfei Sun,Pengju Liu,Qi Li,Chenxi Liu,Xiangling Lu,Ruochen Hao,Jinpeng Chen

DOI: https://doi.org/10.1155/2020/8890306

IF: 1.968

2020-08-28

Security and Communication Networks

Abstract:Many studies utilized machine learning schemes to improve network intrusion detection systems recently. Most of the research is based on manually extracted features, but this approach not only requires a lot of labor costs but also loses a lot of information in the original data, resulting in low judgment accuracy and cannot be deployed in actual situations. This paper develops a DL-IDS (deep learning-based intrusion detection system), which uses the hybrid network of Convolutional Neural Network (CNN) and Long Short-Term Memory Network (LSTM) to extract the spatial and temporal features of network traffic data and to provide a better intrusion detection system. To reduce the influence of an unbalanced number of samples of different attack types in model training samples on model performance, DL-IDS used a category weight optimization method to improve the robustness. Finally, DL-IDS is tested on CICIDS2017, a reliable intrusion detection dataset that covers all the common, updated intrusions and cyberattacks. In the multiclassification test, DL-IDS reached 98.67% in overall accuracy, and the accuracy of each attack type was above 99.50%.

computer science, information systems,telecommunications

Xuecheng Yu,Yan Huang,Yu Zhang,Mingyang Song,Zhenhong Jia

DOI: https://doi.org/10.32604/cmc.2023.044999

2024-01-01

Abstract:With the increasing dimensionality of network traffic, extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems (IDS). However, both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features, resulting in an analysis that is not an optimal set. Therefore, in order to extract more representative traffic features as well as to improve the accuracy of traffic identification, this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T2 and a multilayer convolutional bidirectional long short-term memory (MSC_BiLSTM) classifier model for network traffic intrusion detection. This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory (BiLSTM) network, which fully considers the influence between the before and after features. The network traffic is first characteristically downscaled by principal component analysis (PCA), and then the downscaled principal components are used as input to Hotelling’s T2 to compare the differences between groups. For datasets with outliers, Hotelling’s T2 can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers. Finally, a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data. The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision, recall and F1-score juxtaposed with the prevailing techniques. The results show that the intrusion detection accuracy, precision, and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%, 95.97%, and 90.22%.

computer science, information systems,materials science, multidisciplinary

Seshu Bhavani Mallampati,Hari Seetha

DOI: https://doi.org/10.1142/s0219649223500661

2023-11-22

Journal of Information & Knowledge Management

Abstract:Journal of Information &Knowledge Management, Ahead of Print. With advances in computer network technology, the Internet has become an integral part of our daily lives. It goes without saying that providing security to network data is crucial. To this effect, the intrusion detection system (IDS) is vital for defending networks against cyberattacks. However, the high dimensionality of data is a significant issue that impacts categorisation accuracy. Therefore, we proposed a novel integrated feature extraction method called PC-UDAE that uses principal component analysis (PCA) and Unsupervised Deep Autoencoder (UDAE) to extract linear and nonlinear relationships. Also, to address the class imbalance, synthetic minority class samples are generated using the combination of Synthetic Minority Over Sampling Technique and Edited Nearest Neighbour (SMOTE-ENN). Finally, the extracted features are trained by using supervised machine learning models like Random Forest (RF), Extreme Gradient Boosting Machine (XGBM), Decision Tree (DT), Light Gradient Boosting Machine (LGBM), Extra Tree (ET), Support Vector Machine (SVM), AdaBoost (AB), and K-Nearest Neighbour (KNN) with the original imbalanced and balanced data. We analysed our suggested model using UNSW-NB 15, NSL-KDD, Ton-IoT data sets and obtained 98.85%, 99.59%, and 99.97% accuracy, respectively. Our experimental findings show that our proposed method outperformed all other competing methods.

Feng Wei,Hongda Li,Ziming Zhao,Hongxin Hu

2023-01-01

Abstract:While Deep Learning-based Network Intrusion Detection Systems (DL-NIDS) have recently been significantly explored and shown superior performance, they are insufficient to actively respond to the detected intrusions due to the semantic gap between their detection results and actionable interpretations. Furthermore, their high error costs make network operators unwilling to respond solely based on their detection results. The root cause of these drawbacks can be traced to the lack of explainability of DL-NIDS. Although some methods have been developed to explain deep learning-based systems, they are incapable of handling the history inputs and complex feature dependencies of structured data and do not perform well in explaining DL-NIDS. In this paper, we present XNIDS, a novel framework that facilitates active intrusion responses by explaining DL-NIDS. Our explanation method is highlighted by: (1) approximating and sampling around history inputs; and (2) capturing feature dependencies of structured data to achieve a high-fidelity explanation. Based on the explanation results, XNIDS can further generate actionable defense rules. We evaluate XNIDS with four state-of-the-art DL-NIDS. Our evaluation results show that XNIDS outperforms previous explanation methods in terms of fidelity, sparsity, completeness, and stability, all of which are important to active intrusion responses. Moreover, we demonstrate that XNIDS can efficiently generate practical defense rules, help understand DL-NIDS behaviors, and troubleshoot detection errors.

Swapnil Mane,Vaibhav Khatavkar,Niranjan Gijare,Pranav Bhendawade

2023-04-04

Abstract:An Intrusion detection system (IDS) is essential for avoiding malicious activity. Mostly, IDS will be improved by machine learning approaches, but the model efficiency is degrading because of more headers (or features) present in the packet (each record). The proposed model extracts practical features using Non-negative matrix factorization and chi-square analysis. The more number of features increases the exponential time and risk of overfitting the model. Using both techniques, the proposed model makes a hierarchical approach that will reduce the features quadratic error and noise. The proposed model is implemented on three publicly available datasets, which gives significant improvement. According to recent research, the proposed model has improved performance by 4.66% and 0.39% with respective NSL-KDD and CICD 2017.

Cryptography and Security

Zakaria Abou El Houda,Bouziane Brik,Lyes Khoukhi

DOI: https://doi.org/10.1109/ojcoms.2022.3188750

2022-01-01

IEEE Open Journal of the Communications Society

Abstract:Internet of Things (IoT) is an emerging paradigm that is turning and revolutionizing worldwide cities into smart cities. However, this emergence is accompanied with several cybersecurity concerns due mainly to the data sharing and constant connectivity of IoT networks. To address this problem, multiple Intrusion Detection Systems (IDSs) have been designed as security mechanisms, which showed their efficiency in mitigating several IoT-related attacks, especially when using deep learning (DL) algorithms. Indeed, Deep Neural Networks (DNNs) significantly improve the detection rate of IoT-related intrusions. However, DL-based models are becoming more and more complex, and their decisions are hardly interpreted by users, especially companies’ executive staff and cybersecurity experts. Hence, the corresponding users cannot neither understand and trust DL models decisions, nor optimize their decisions (users) based on DL models outputs. To overcome these limits, Explainable Artificial Intelligence (XAI) is an emerging paradigm of Artificial Intelligence (AI), that provides a set of techniques to help interpreting and understanding predictions made by DL models. Thus, XAI enables to explain the decisions of DL-based IDSs to make them interpretable by cybersecurity experts. In this paper, we design a new XAI-based framework to give explanations to any critical DL-based decisions for IoT-related IDSs. Our framework relies on a novel IDS for IoT networks, that we also develop by leveraging deep neural network, to detect IoT-related intrusions. In addition, our framework uses three main XAI techniques ($i.e.$ , RuleFit, Local Interpretable Model-Agnostic Explanations (LIME), and SHapley Additive exPlanations (SHAP)), on top of our DNN-based model. Our framework can provide both local and global explanations to optimize the interpretation of DL-based decisions. The local explanations target a single/particular DL output, while global explanations focus on deducing the most important features that have conducted to each made decision (e.g., intrusion detection). Thus, our proposed framework introduces more transparency and trust between the decisions made by our DL-based IDS model and cybersecurity experts. Both NSL-KDD and UNSW-NB15 datasets are used to validate the feasibility of our XAI framework. The experimental results show the efficiency of our framework to improve the interpretability of the IoT IDS against well-known IoT attacks, and help the cybersecurity experts get a better understanding of IDS decisions.

Taining Zhang,Yihan Xiao,C. Xing,Zhongkai Zhao

DOI: https://doi.org/10.1109/ACCESS.2019.2904620

IF: 3.9

2019-03-12

IEEE Access

Abstract:With the popularity and development of network technology and the Internet, intrusion detection systems (IDSs), which can identify attacks, have been developed. Traditional intrusion detection algorithms typically employ mining association rules to identify intrusion behaviors. However, they fail to fully extract the characteristic information of user behaviors and encounter various problems, such as high false alarm rate (FAR), poor generalization capability, and poor timeliness. In this paper, we propose a network intrusion detection model based on a convolutional neural network–IDS (CNN–IDS). Redundant and irrelevant features in the network traffic data are first removed using different dimensionality reduction methods. Features of the dimensionality reduction data are automatically extracted using the CNN, and more effective information for identifying intrusion is extracted by supervised learning. To reduce the computational cost, we convert the original traffic vector format into an image format and use a standard KDD-CUP99 dataset to evaluate the performance of the proposed CNN model. The experimental results indicate that the AC, FAR, and timeliness of the CNN–IDS model are higher than those of traditional algorithms. Therefore, the model we propose has not only research significance but also practical value.

Engineering,Computer Science

Yiwen Wang,Lei Xu,Wanli Liu,Rongzhen Li,Junjie Gu

DOI: https://doi.org/10.1007/s11277-023-10472-7

IF: 2.017

2023-01-01

Wireless Personal Communications

Abstract:People often use similar methods to invade network traffic, such as flood attacks and Ddos attacks. Early detection of malicious traffic usually uses manual filtering to establish a whitelist, and then uses some artificial intelligence to simply measure some characteristic parameters. The high predictive performance of artificial intelligence will inevitably introduce unknowable decision process into network intrusion detection. When it is applied to the extremely important network environment, human’s doubt on its black box effect will hinder its advancement. Here, we make a propose to come up with a network traffic intrusion detection method (XAI-IDS) on account of interpretable artificial intelligence to detect malicious traffic intrusion in networks. XAI-IDS analyzes network traffic data to predict whether the traffic is malicious intrusion.

Xin Xu

2006-01-01

Abstract:In recent years, intrusion detection has emerged as an important technique for network security. Due to the large volumes of security audit data as well as complex and dynamic properties of intrusion behaviors, to optimize the performance of intrusion detection systems (IDSs) becomes an important open problem. In this paper, a general framework of adaptive intrusion detection based on machine learning is presented. In the framework, three perspectives of challenging problems are explored, which include feature extraction, classifier construction and pattern prediction for sequential data. It is illustrated that the three perspectives of research challenges are mainly suitable for machine learning methods using unsupervised, supervised and reinforcement learning algorithms, respectively. Several recently developed machine learning algorithms, including a multi-class support vector machine with principal component analysis (PCA) for feature reduction and a reinforcement learning algorithm for sequential prediction, are applied and evaluated both on network-based traffic data and on host-based program behaviors. Experiments on the KDD99 intrusion detection data set and the system call data from University of New Mexico show very promising results for the machine learning approaches to adaptive intrusion detection. Some directions for future research works are also discussed.

Maonan Wang,Kangfeng Zheng,Yanqing Yang,Xiujuan Wang

DOI: https://doi.org/10.1109/access.2020.2988359

IF: 3.9

2020-01-01

IEEE Access

Abstract:In recent years, machine learning-based intrusion detection systems (IDSs) have proven to be effective; especially, deep neural networks improve the detection rates of intrusion detection models. However, as models become more and more complex, people can hardly get the explanations behind their decisions. At the same time, most of the works about model interpretation focuses on other fields like computer vision, natural language processing, and biology. This leads to the fact that in practical use, cybersecurity experts can hardly optimize their decisions according to the judgments of the model. To solve these issues, a framework is proposed in this paper to give an explanation for IDSs. This framework uses SHapley Additive exPlanations (SHAP), and combines local and global explanations to improve the interpretation of IDSs. The local explanations give the reasons why the model makes certain decisions on the specific input. The global explanations give the important features extracted from IDSs, present the relationships between the feature values and different types of attacks. At the same time, the interpretations between two different classifiers, one-vs-all classifier and multiclass classifier, are compared. NSL-KDD dataset is used to test the feasibility of the framework. The framework proposed in this paper leads to improve the transparency of any IDS, and helps the cybersecurity staff have a better understanding of IDSs' judgments. Furthermore, the different interpretations between different kinds of classifiers can also help security experts better design the structures of the IDSs. More importantly, this work is unique in the intrusion detection field, presenting the first use of the SHAP method to give explanations for IDSs.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yung-Chung Wang,Yi-Chun Houng,Han-Xuan Chen,Shu-Ming Tseng

DOI: https://doi.org/10.3390/s23042171

IF: 3.9

2023-02-16

Sensors

Abstract:The prevalence of internet usage leads to diverse internet traffic, which may contain information about various types of internet attacks. In recent years, many researchers have applied deep learning technology to intrusion detection systems and obtained fairly strong recognition results. However, most experiments have used old datasets, so they could not reflect the latest attack information. In this paper, a current state of the CSE-CIC-IDS2018 dataset and standard evaluation metrics has been employed to evaluate the proposed mechanism. After preprocessing the dataset, six models—deep neural network (DNN), convolutional neural network (CNN), recurrent neural network (RNN), long short-term memory (LSTM), CNN + RNN and CNN + LSTM—were constructed to judge whether network traffic comprised a malicious attack. In addition, multi-classification experiments were conducted to sort traffic into benign traffic and six categories of malicious attacks: BruteForce, Denial-of-service (DoS), Web Attacks, Infiltration, Botnet, and Distributed denial-of-service (DDoS). Each model showed a high accuracy in various experiments, and their multi-class classification accuracy were above 98%. Compared with the intrusion detection system (IDS) of other papers, the proposed model effectively improves the detection performance. Moreover, the inference time for the combinations of CNN + RNN and CNN + LSTM is longer than that of the individual DNN, RNN and CNN. Therefore, the DNN, RNN and CNN are better than CNN + RNN and CNN + LSTM for considering the implementation of the algorithm in the IDS device.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation