Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

Isra Al-Turaiki,Najwa Altwaijry

DOI: https://doi.org/10.1089/big.2020.0263

IF: 4.426

2021-06-01

Big Data

Abstract:Cybersecurity protects and recovers computer systems and networks from cyber attacks. The importance of cybersecurity is growing commensurately with people's increasing reliance on technology. An anomaly detection-based network intrusion detection system is essential to any security framework within a computer network. In this article, we propose two models based on deep learning to address the binary and multiclass classification of network attacks. We use a convolutional neural network architecture for our models. In addition, a hybrid two-step preprocessing approach is proposed to generate meaningful features. The proposed approach combines dimensionality reduction and feature engineering using deep feature synthesis. The performance of our models is evaluated using two benchmark data sets, namely the network security laboratory-knowledge discovery in databases data set and the University of New South Wales Network Based 2015 data set. The performance is compared with similar deep learning approaches in the literature, as well as state-of-the-art classification models. Experimental results show that our models achieve good performance in terms of accuracy and recall, outperforming similar models in the literature.

computer science, theory & methods, interdisciplinary applications

Yung-Chung Wang,Yi-Chun Houng,Han-Xuan Chen,Shu-Ming Tseng

DOI: https://doi.org/10.3390/s23042171

IF: 3.9

2023-02-16

Sensors

Abstract:The prevalence of internet usage leads to diverse internet traffic, which may contain information about various types of internet attacks. In recent years, many researchers have applied deep learning technology to intrusion detection systems and obtained fairly strong recognition results. However, most experiments have used old datasets, so they could not reflect the latest attack information. In this paper, a current state of the CSE-CIC-IDS2018 dataset and standard evaluation metrics has been employed to evaluate the proposed mechanism. After preprocessing the dataset, six models—deep neural network (DNN), convolutional neural network (CNN), recurrent neural network (RNN), long short-term memory (LSTM), CNN + RNN and CNN + LSTM—were constructed to judge whether network traffic comprised a malicious attack. In addition, multi-classification experiments were conducted to sort traffic into benign traffic and six categories of malicious attacks: BruteForce, Denial-of-service (DoS), Web Attacks, Infiltration, Botnet, and Distributed denial-of-service (DDoS). Each model showed a high accuracy in various experiments, and their multi-class classification accuracy were above 98%. Compared with the intrusion detection system (IDS) of other papers, the proposed model effectively improves the detection performance. Moreover, the inference time for the combinations of CNN + RNN and CNN + LSTM is longer than that of the individual DNN, RNN and CNN. Therefore, the DNN, RNN and CNN are better than CNN + RNN and CNN + LSTM for considering the implementation of the algorithm in the IDS device.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Mahalakshmi G,Uma E,Aroosiya M,Vinitha M

DOI: https://doi.org/10.3233/apc210116

2021-11-09

Abstract:Networks have an important role in our modern life. In the network, Cyber security plays a crucial role in Internet security. An Intrusion Detection System (IDS) acts as a cyber security system which monitors and detects any security threats for software and hardware running on the network. There we have many existing IDS but still we face challenges in improving accuracy in detecting security vulnerabilities, not enough methods to reduce the level of alertness and detecting intrusion attacks. Many researchers have tried to solve the above problems by focusing on developing IDSs by machine learning methods. Machine learning methods can detect datas from past experience and differentiate normal and abnormal data. In our work, the Convolutional Neural Network(CNN) deep learning method was developed in solving the problem of identifying intrusion in a network. Using the UNSW NB15 public dataset we trained the CNN algorithm. The Dataset contains binary types of ‘0’ and ‘1’ in general for normal and attack datas. The experimental results showed that the proposed model achieves maximum accuracy in detection and we also performed evaluation metrics to analyze the performance of the CNN algorithm.

Emad Hmood Salman,Montadar Abas Taher,Yousif I Hammadi,Omar Abdulkareem Mahmood,Ammar Muthanna,Andrey Koucheryavy

DOI: https://doi.org/10.3390/s23010206

2022-12-25

Abstract:Telecommunication networks are growing exponentially due to their significant role in civilization and industry. As a result of this very significant role, diverse applications have been appeared, which require secured links for data transmission. However, Internet-of-Things (IoT) devices are a substantial field that utilizes the wireless communication infrastructure. However, the IoT, besides the diversity of communications, are more vulnerable to attacks due to the physical distribution in real world. Attackers may prevent the services from running or even forward all of the critical data across the network. That is, an Intrusion Detection System (IDS) has to be integrated into the communication networks. In the literature, there are numerous methodologies to implement the IDSs. In this paper, two distinct models are proposed. In the first model, a custom Convolutional Neural Network (CNN) was constructed and combined with Long Short Term Memory (LSTM) deep network layers. The second model was built about the all fully connected layers (dense layers) to construct an Artificial Neural Network (ANN). Thus, the second model, which is a custom of an ANN layers with various dimensions, is proposed. Results were outstanding a compared to the Logistic Regression algorithm (LR), where an accuracy of 97.01% was obtained in the second model and 96.08% in the first model, compared to the LR algorithm, which showed an accuracy of 92.8%.

Imtiaz Ullah,Qusay H. Mahmoud

DOI: https://doi.org/10.1109/access.2021.3094024

IF: 3.9

2021-01-01

IEEE Access

Abstract:The growing development of IoT (Internet of Things) devices creates a large attack surface for cybercriminals to conduct potentially more destructive cyberattacks; as a result, the security industry has seen an exponential increase in cyber-attacks. Many of these attacks have effectively accomplished their malicious goals because intruders conduct cyber-attacks using novel and innovative techniques. An anomaly-based IDS (Intrusion Detection System) uses machine learning techniques to detect and classify attacks in IoT networks. In the presence of unpredictable network technologies and various intrusion methods, traditional machine learning techniques appear inefficient. In many research areas, deep learning methods have shown their ability to identify anomalies accurately. Convolutional neural networks are an excellent alternative for anomaly detection and classification due to their ability to automatically categorize main characteristics in input data and their effectiveness in performing faster computations. In this paper, we design and develop a novel anomaly-based intrusion detection model for IoT networks. First, a convolutional neural network model is used to create a multiclass classification model. The proposed model is then implemented using convolutional neural networks in 1D, 2D, and 3D. The proposed convolutional neural network model is validated using the BoT-IoT, IoT Network Intrusion, MQTT-IoT-IDS2020, and IoT-23 intrusion detection datasets. Transfer learning is used to implement binary and multiclass classification using a convolutional neural network multiclass pre-trained model. Our proposed binary and multiclass classification models have achieved high accuracy, precision, recall, and F1 score compared to existing deep learning implementations.

computer science, information systems,telecommunications,engineering, electrical & electronic

Azizjon Meliboev,Jumabek Alikhanov,Wooseong Kim

DOI: https://doi.org/10.48550/arXiv.2003.00476

2020-03-04

Abstract:Intrusion detection system (IDS) plays an essential role in computer networks protecting computing resources and data from outside attacks. Recent IDS faces challenges improving flexibility and efficiency of the IDS for unexpected and unpredictable attacks. Deep neural network (DNN) is considered popularly for complex systems to abstract features and learn as a machine learning technique. In this paper, we propose a deep learning approach for developing the efficient and flexible IDS using one-dimensional Convolutional Neural Network (1D-CNN). Two-dimensional CNN methods have shown remarkable performance in detecting objects of images in computer vision area. Meanwhile, the 1D-CNN can be used for supervised learning on time-series data. We establish a machine learning model based on the 1D-CNN by serializing Transmission Control Protocol/Internet Protocol (TCP/IP) packets in a predetermined time range as an invasion Internet traffic model for the IDS, where normal and abnormal network traffics are categorized and labeled for supervised learning in the 1D-CNN. We evaluated our model on UNSW\_NB15 IDS dataset to show the effectiveness of our method. For comparison study in performance, machine learning-based Random Forest (RF) and Support Vector Machine (SVM) models in addition to the 1D-CNN with various network parameters and architecture are exploited. In each experiment, the models are run up to 200 epochs with a learning rate in 0.0001 on imbalanced and balanced data. 1D-CNN and its variant architectures have outperformed compared to the classical machine learning classifiers. This is mainly due to the reason that CNN has the capability to extract high-level feature representations that represent the abstract form of low-level feature sets of network traffic connections.

Cryptography and Security,Artificial Intelligence

Niraj Thapa,Zhipeng Liu,B. KC Dukka,Balakrishna Gokaraju,Kaushik Roy,Dukka B. KC

DOI: https://doi.org/10.3390/fi12100167

2020-09-30

Future Internet

Abstract:The development of robust anomaly-based network detection systems, which are preferred over static signal-based network intrusion, is vital for cybersecurity. The development of a flexible and dynamic security system is required to tackle the new attacks. Current intrusion detection systems (IDSs) suffer to attain both the high detection rate and low false alarm rate. To address this issue, in this paper, we propose an IDS using different machine learning (ML) and deep learning (DL) models. This paper presents a comparative analysis of different ML models and DL models on Coburg intrusion detection datasets (CIDDSs). First, we compare different ML- and DL-based models on the CIDDS dataset. Second, we propose an ensemble model that combines the best ML and DL models to achieve high-performance metrics. Finally, we benchmarked our best models with the CIC-IDS2017 dataset and compared them with state-of-the-art models. While the popular IDS datasets like KDD99 and NSL-KDD fail to represent the recent attacks and suffer from network biases, CIDDS, used in this research, encompasses labeled flow-based data in a simulated office environment with both updated attacks and normal usage. Furthermore, both accuracy and interpretability must be considered while implementing AI models. Both ML and DL models achieved an accuracy of 99% on the CIDDS dataset with a high detection rate, low false alarm rate, and relatively low training costs. Feature importance was also studied using the Classification and regression tree (CART) model. Our models performed well in 10-fold cross-validation and independent testing. CART and convolutional neural network (CNN) with embedding achieved slightly better performance on the CIC-IDS2017 dataset compared to previous models. Together, these results suggest that both ML and DL methods are robust and complementary techniques as an effective network intrusion detection system.

Asmaa Halbouni,Teddy Surya Gunawan,Mohamed Hadi Habaebi,Murad Halbouni,Mira Kartiwi,Robiah Ahmad

DOI: https://doi.org/10.1109/access.2022.3206425

IF: 3.9

2022-09-30

IEEE Access

Abstract:Network security becomes indispensable to our daily interactions and networks. As attackers continue to develop new types of attacks and the size of networks continues to grow, the need for an effective intrusion detection system has become critical. Numerous studies implemented machine learning algorithms to develop an effective IDS; however, with the advent of deep learning algorithms and artificial neural networks that can generate features automatically without human intervention, researchers began to rely on deep learning. In our research, we took advantage of the Convolutional Neural Network's ability to extract spatial features and the Long Short-Term Memory Network's ability to extract temporal features to create a hybrid intrusion detection system model. We added batch normalization and dropout layers to the model to increase its performance. Based on the binary and multiclass classification, the model was trained using three datasets: CIC-IDS 2017, UNSW-NB15, and WSN-DS. The confusion matrix determines the system's effectiveness, which includes evaluation criteria such as accuracy, precision, detection rate, F1-score, and false alarm rate (FAR). The effectiveness of the proposed model was demonstrated by experimental results showing a high detection rate, high accuracy, and a relatively low FAR.

Mohammed Maithem,Ghadaa A. Al-sultany

DOI: https://doi.org/10.1088/1742-6596/1804/1/012138

2021-02-01

Journal of Physics: Conference Series

Abstract:Abstract In recent decades, rapid development in the world of technology and networks has been achieved, also there is a spread of Internet services in all fields over the world. Piracy numbers have increased, also a lot of modern systems were penetrated, so the developing information security technologies to detect the new attack become an important requirement. One of the most important information security technologies is an Intrusion Detection System (IDS) that uses machine learning and deep learning techniques to detect anomalies in the network. The main idea of this paper is to use an advanced intrusion detection system with high network performance to detect the unknown attack package, by using a deep neural network algorithm, also in this model, the attack detection is done by two ways (binary classification and multiclass classification). The proposed system has shown encouraging results in terms of the high accuracy (99.98% with multiclass classification and with binary classification).

Chia-Ming Hsu,Muhammad Zulfan Azhari,He-Yen Hsieh,Setya Widyawan Prakosa,Jenq-Shiou Leu

DOI: https://doi.org/10.1007/s11036-020-01623-2

2020-07-21

Mobile Networks and Applications

Abstract:The intrusion detection system (IDS) is a crucial part in the network administration system to detect some types of cyber attack. IDS is categorized as a classifying machine thus it is likely to engage with the machine learning schemes. Many studies have demonstrated how to apply machine learning schemes to IDS even though they cannot provide optimum results. To tackle this issue, deep learning schemes can be considered as the solution due to its achievement in several fields. Therefore, in this study, we propose a deep learning model which is constructed based on convolutional neural network (CNN) layers and using Long-Short Term Memory (LSTM) layers called CNN-LSTM to classify every single traffic network. We use NSL-KDD dataset as the benchmark thus we can compare the performance of our proposed method with other existing works. This dataset includes two testing sets which are the first one is <i>K</i><i>D</i><i>D</i><i>T</i><i>e</i><i>s</i><i>t</i>⁺ while the second one is <i>K</i><i>D</i><i>D</i><i>T</i><i>e</i><i>s</i><i>t</i>^− 21 which is more difficult to be classified. The results show that our proposed method outperforms other existing works.

computer science, information systems,telecommunications, hardware & architecture

Majdi Maabreh,Ibrahim Obeidat,Esraa Abu Elsoud,Asma Alnajjar,Rahaf Alzyoud,Omar Darwish

DOI: https://doi.org/10.3991/ijim.v16i14.30197

2022-07-26

International Journal of Interactive Mobile Technologies (iJIM)

Abstract:Cyberattacks have increased in tandem with the exponential expansion of computer networks and network applications throughout the world. In this study, we evaluate and compare four features selection methods, seven classical machine learning algorithms, and the deep learning algorithm on one million random instances of CSE-CIC-IDS2018 big data set for network intrusions. The dataset was preprocessed and cleaned and all learning algorithms were trained on the original values of features. The feature selection methods highlighted the importance of features related to forwarding direction (FWD) and two flow measures (FLOW) in predicting the binary traffic type; benign or attack. Furthermore, the results revealed that whether models are trained on all features or the top 30 features selected by any of the four features selection techniques used in this experiment, there is no significant difference in model performance. Moreover, we may be able to train ML models on only four features and have them perform similarly to models trained on all data,which may result in preferable models in terms of complexity, explainability, and scale for deployment. Furthermore, by choosing four unanimity features instead of all traffic features, training time may be reduced from 10% to 50% of the training time on all features.

Adel Binbusayyis,Thavavel Vaiyapuri

DOI: https://doi.org/10.1007/s10489-021-02205-9

IF: 5.3

2021-02-24

Applied Intelligence

Abstract:With the rapid advancement in network technologies, the need for cybersecurity has gained increasing momentum in recent years. As a primary defense mechanism, an intrusion detection system (IDS) is expected to adapt and secure the computing infrastructures from the ever-changing sophisticated threat landscape. Many deep learning approaches have recently been proposed; however, these techniques face significant challenges in identifying all types of attacks, especially rare attacks due to network traffic imbalances and the lack of a sufficient number of abnormal traffic samples for model training. To overcome these shortcomings and improve detection performance, this paper presents an unsupervised deep learning approach for intrusion detection. Unlike the existing IDS model that extracts features and trains a classifier in two separate stages, a single-stage IDS approach that integrates a one-dimensional convolutional autoencoder (1D CAE) and a one-class support vector machine (OCSVM) as a classifier into a joint optimization framework is introduced in this paper for the first time. Using only the normal traffic samples, the approach simultaneously optimizes the 1D CAE for compact feature representation and the OCSVM for classification by defining a unified objective function combining reconstruction error with classification error. Thus, the generated compact feature representation has not only reconstruction ability but also discriminative ability for classification. An in-depth ablation analysis validates the design decisions and provides further insight of the proposed approach. An extensive set of experiments on two benchmark intrusion datasets, NSL-KDD and UNSW-NB15, demonstrates the generalization ability of the proposed model for unseen attacks and confirms it as a competitive approach over the recent state-of-the-art intrusion detection baselines. Overall, the obtained results emphasize that the proposed approach has potential to serve as a baseline for building an effective IDS.

computer science, artificial intelligence

Muhammad Naveed,Fahim Arif,Syed Muhammad Usman,Aamir Anwar,Myriam Hadjouni,Hela Elmannai,Saddam Hussain,Syed Sajid Ullah,Fazlullah Umar

DOI: https://doi.org/10.1155/2022/2215852

2022-08-10

Wireless Communications and Mobile Computing

Abstract:An intrusion detection system, often known as an IDS, is extremely important for preventing attacks on a network, violating network policies, and gaining unauthorized access to a network. The effectiveness of IDS is highly dependent on data preprocessing techniques and classification models used to enhance accuracy and reduce model training and testing time. For the purpose of anomaly identification, researchers have developed several machine learning and deep learning-based algorithms; nonetheless, accurate anomaly detection with low test and train times remains a challenge. Using a hybrid feature selection approach and a deep neural network- (DNN-) based classifier, the authors of this research suggest an enhanced intrusion detection system (IDS). In order to construct a subset of reduced and optimal features that may be used for classification, a hybrid feature selection model that consists of three methods, namely, chi square, ANOVA, and principal component analysis (PCA), is applied. These methods are referred to as "the big three." On the NSL-KDD dataset, the suggested model receives training and is then evaluated. The proposed method was successful in achieving the following results: a reduction of input data by 40%, an average accuracy of 99.73%, a precision score of 99.75%, an F1 score of 99.72%, and an average training and testing time of 138% and 2.7 seconds, respectively. The findings of the experiments demonstrate that the proposed model is superior to the performance of the other comparison approaches.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rahul Kale,Zhi Lu,Kar Wai Fok,Vrizlynn L. L. Thing

DOI: https://doi.org/10.48550/arXiv.2212.00966

2022-12-02

Cryptography and Security

Abstract:Cyber intrusion attacks that compromise the users' critical and sensitive data are escalating in volume and intensity, especially with the growing connections between our daily life and the Internet. The large volume and high complexity of such intrusion attacks have impeded the effectiveness of most traditional defence techniques. While at the same time, the remarkable performance of the machine learning methods, especially deep learning, in computer vision, had garnered research interests from the cyber security community to further enhance and automate intrusion detections. However, the expensive data labeling and limitation of anomalous data make it challenging to train an intrusion detector in a fully supervised manner. Therefore, intrusion detection based on unsupervised anomaly detection is an important feature too. In this paper, we propose a three-stage deep learning anomaly detection based network intrusion attack detection framework. The framework comprises an integration of unsupervised (K-means clustering), semi-supervised (GANomaly) and supervised learning (CNN) algorithms. We then evaluated and showed the performance of our implemented framework on three benchmark datasets: NSL-KDD, CIC-IDS2018, and TON_IoT.

Ishaan Shivhare,Joy Purohit,Vinay Jogani,Samina Attari,Dr. Madhav Chandane

DOI: https://doi.org/10.48550/arXiv.2306.07601

2023-06-13

Cryptography and Security

Abstract:Network intrusions are a significant problem in all industries today. A critical part of the solution is being able to effectively detect intrusions. With recent advances in artificial intelligence, current research has begun adopting deep learning approaches for intrusion detection. Current approaches for multi-class intrusion detection include the use of a deep neural network. However, it fails to take into account spatial relationships between the data objects and long term dependencies present in the dataset. The paper proposes a novel architecture to combat intrusion detection that has a Convolutional Neural Network (CNN) module, along with a Long Short Term Memory(LSTM) module and with a Support Vector Machine (SVM) classification function. The analysis is followed by a comparison of both conventional machine learning techniques and deep learning methodologies, which highlights areas that could be further explored.

Safi Ullah,Jawad Ahmad,Muazzam A. Khan,Eman H. Alkhammash,Myriam Hadjouni,Yazeed Yasin Ghadi,Faisal Saeed,Nikolaos Pitropakis

DOI: https://doi.org/10.3390/s22103607

IF: 3.9

2022-05-11

Sensors

Abstract:The Internet of Things (IoT) is a widely used technology in automated network systems across the world. The impact of the IoT on different industries has occurred in recent years. Many IoT nodes collect, store, and process personal data, which is an ideal target for attackers. Several researchers have worked on this problem and have presented many intrusion detection systems (IDSs). The existing system has difficulties in improving performance and identifying subcategories of cyberattacks. This paper proposes a deep-convolutional-neural-network (DCNN)-based IDS. A DCNN consists of two convolutional layers and three fully connected dense layers. The proposed model aims to improve performance and reduce computational power. Experiments were conducted utilizing the IoTID20 dataset. The performance analysis of the proposed model was carried out with several metrics, such as accuracy, precision, recall, and F1-score. A number of optimization techniques were applied to the proposed model in which Adam, AdaMax, and Nadam performance was optimum. In addition, the proposed model was compared with various advanced deep learning (DL) and traditional machine learning (ML) techniques. All experimental analysis indicates that the accuracy of the proposed approach is high and more robust than existing DL-based algorithms.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Roy, Kaushik,Kelly, John,Olusola, Odeyomi

DOI: https://doi.org/10.1007/s43926-023-00034-5

2023-05-31

Discover Internet of Things

Abstract:Internet-of-Things (IoT) connects various physical objects through the Internet and it has a wide application, such as in transportation, military, healthcare, agriculture, and many more. Those applications are increasingly popular because they address real-time problems. In contrast, the use of transmission and communication protocols has raised serious security concerns for IoT devices, and traditional methods such as signature and rule-based methods are inefficient for securing these devices. Hence, identifying network traffic behavior and mitigating cyber attacks are important in IoT to provide guaranteed network security. Therefore, we develop an Intrusion Detection System (IDS) based on a deep learning model called Pearson-Correlation Coefficient - Convolutional Neural Networks (PCC-CNN) to detect network anomalies. The PCC-CNN model combines the important features obtained from the linear-based extractions followed by the Convolutional Neural Network. It performs a binary classification for anomaly detection and also a multiclass classification for various types of attacks. The model is evaluated on three publicly available datasets: NSL-KDD, CICIDS-2017, and IOTID20. We first train and test five different (Logistic Regression, Linear Discriminant Analysis, K Nearest Neighbour, Classification and Regression Tree,& Support Vector Machine) PCC-based Machine Learning models to evaluate the model performance. We achieve the best similar accuracy from the KNN and CART model of 98%, 99%, and 98%, respectively, on the three datasets. On the other hand, we achieve a promising performance with a better detection accuracy of 99.89% and with a low misclassification rate of 0.001 with our proposed PCC-CNN model. The integrated model is promising, with a misclassification rate (or False alarm rate) of 0.02, 0.02, and 0.00 with Binary and Multiclass intrusion detection classifiers. Finally, we compare and discuss our PCC-CNN model in comparison to five traditional PCC-ML models. Our proposed Deep Learning (DL)-based IDS outperforms traditional methods.

Liang Zhang,Chengxin Xu

DOI: https://doi.org/10.1109/icaibd55127.2022.9820384

2022-01-01

Abstract:With the rapid development of the Internet, the network security situation has become increasingly severe. Attackers around the world have caused thousands of economic losses to government and enterprises. Novel attack methods have brought huge challenges to traditional intrusion detection systems. This paper proposes an intrusion detection model based on deep learning. First it uses the Sigmoid pigeon optimization algorithm(SPIO) to select the features of the data samples, then uses a Three-layer convolutional neural network trains and validates the dataset. The model is tested on NSL-KDD dataset. Experimental results show that this model has a higher accuracy rate than the existing traditional detection models.

Salwa Elsayed,Khalil Mohamed,Mohamed Ashraf Madkour

DOI: https://doi.org/10.1109/access.2024.3389096

IF: 3.9

2024-05-03

IEEE Access

Abstract:This study introduces a deep learning approach for network intrusion detection (NIDS), which excels in both binary and multi-classification tasks. This approach combines the strengths of six distinct deep learning algorithms: DNN, CNN, RNN, LSTM, GRU, and a Hybrid CNN-LSTM architecture. The NSL-KDD dataset, a widely recognized benchmark for intrusion detection research, was utilized for implementation and evaluation. In binary classification, the approach demonstrates exceptional capabilities, with the GRU approach outperforming others. Similarly, the DNN, LSTM, CNN, and RNN approaches exhibit robust performance, showcasing their efficacy in detecting anomalies within network data. In the multi-classification setting, the DNN approach stands out with outstanding performance. While other approaches, including RNN, CNN, LSTM, GRU, and the Hybrid CNN-LSTM approach, also maintain commendable results, the DNN approach proves to be the most effective in handling complex network patterns. This research provides valuable insights into the application of deep learning approaches using the NSL-KDD dataset for network anomaly detection, emphasizing their versatility and reliability across different classification scenarios. The findings lay the groundwork for further exploration and utilization of deep learning methodologies in enhancing network security.

computer science, information systems,telecommunications,engineering, electrical & electronic