Haonan Peng,Chunming Wu,Yanfeng Xiao

DOI: https://doi.org/10.3390/app132111629

2023-01-01

Applied Sciences

Abstract:The importance of network security has become increasingly prominent due to the rapid development of network technology. Network intrusion detection systems (NIDSs) play a crucial role in safeguarding networks from malicious attacks and intrusions. However, the issue of class imbalance in the dataset presents a significant challenge to NIDSs. In order to address this concern, this paper proposes a new NIDS called CBF-IDS, which combines convolutional neural networks (CNNs) and bidirectional long short-term memory networks (BiLSTMs) while employing the focal loss function. By utilizing CBF-IDS, spatial and temporal features can be extracted from network traffic. Moreover, during model training, CBF-IDS applies the focal loss function to give more weight to minority class samples, thereby mitigating the impact of class imbalance on model performance. In order to evaluate the effectiveness of CBF-IDS, experiments were conducted on three benchmark datasets: NSL-KDD, UNSW-NB15, and CIC-IDS2017. The experimental results demonstrate that CBF-IDS outperforms other classification models, achieving superior detection performance.

Feng Cui,Mingdi Xu,Bo Xie,Chaoyang Jin,Zhengxiao Li,Haipeng Fan

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603260

2024-04-19

Abstract:Intrusion Detection Systems (IDS) play a crucial role in safeguarding network security perimeters by monitoring network traffic and system behavior in real time. The advent of deep learning, particularly through the application of Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks, has significantly enhanced IDS's ability to detect network threats by leveraging autonomous learning and generalization capabilities. However, deep learning-based IDSs encounter challenges, including the necessity for extensive data labeling and the computational resources required, which pose obstacles to their widespread adoption and effectiveness. Nonetheless, deep learning-based IDS encounter challenges, including the requirement for extensive labeled datasets and significant computational resources. This paper proposes a novel hybrid IDS framework — HDCBAN that integrates deep convolutional neural networks, bidirectional LSTM networks, and the AlexNet model to efficiently predict and classify malicious network activities. The HDCBAN model employs deep CNNs to capture local features through convolution, bidirectional LSTMs to seize temporal features for enhanced performance and prediction capabilities, and AlexNet to augment classification efficacy through feature extraction. The effectiveness of this hybrid approach was assessed using real-world datasets, including the publicly available CSE-CIC-IDS 2017, CSE-CIC-IDS 2018, and NSL-KDD datasets, with preprocessing to optimize model performance. Experimental results, validated through 10-fold cross-validation, reveal that our model achieves a malicious attack detection rate and accuracy of up to 99.88% for CSE-CIC-IDS and 99.93% for NSL-KDD, thereby outperforming existing models in detection rate, accuracy, and reducing false positives.

Computer Science,Engineering

Yung-Chung Wang,Yi-Chun Houng,Han-Xuan Chen,Shu-Ming Tseng

DOI: https://doi.org/10.3390/s23042171

IF: 3.9

2023-02-16

Sensors

Abstract:The prevalence of internet usage leads to diverse internet traffic, which may contain information about various types of internet attacks. In recent years, many researchers have applied deep learning technology to intrusion detection systems and obtained fairly strong recognition results. However, most experiments have used old datasets, so they could not reflect the latest attack information. In this paper, a current state of the CSE-CIC-IDS2018 dataset and standard evaluation metrics has been employed to evaluate the proposed mechanism. After preprocessing the dataset, six models—deep neural network (DNN), convolutional neural network (CNN), recurrent neural network (RNN), long short-term memory (LSTM), CNN + RNN and CNN + LSTM—were constructed to judge whether network traffic comprised a malicious attack. In addition, multi-classification experiments were conducted to sort traffic into benign traffic and six categories of malicious attacks: BruteForce, Denial-of-service (DoS), Web Attacks, Infiltration, Botnet, and Distributed denial-of-service (DDoS). Each model showed a high accuracy in various experiments, and their multi-class classification accuracy were above 98%. Compared with the intrusion detection system (IDS) of other papers, the proposed model effectively improves the detection performance. Moreover, the inference time for the combinations of CNN + RNN and CNN + LSTM is longer than that of the individual DNN, RNN and CNN. Therefore, the DNN, RNN and CNN are better than CNN + RNN and CNN + LSTM for considering the implementation of the algorithm in the IDS device.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Muhammad Basit Umair,Zeshan Iqbal,Muhammad Ahmad Faraz,Muhammad Attique Khan,Yu-Dong Zhang,Navid Razmjooy,Sefedine Kadry

DOI: https://doi.org/10.1089/big.2021.0268

IF: 4.426

2022-06-16

Big Data

Abstract:An intrusion detection system (IDS) is designed to detect and analyze network traffic for suspicious activity. Several methods have been introduced in the literature for IDSs; however, due to a large amount of data, these models have failed to achieve high accuracy. A statistical approach is proposed in this research due to the unsatisfactory results of traditional intrusion detection methods. The features are extracted and selected using a multilayer convolutional neural network, and a softmax classifier is employed to classify the network intrusions. To perform further analysis, a multilayer deep neural network is also applied to classify network intrusions. Furthermore, the experiments are performed using two commonly used benchmark intrusion detection datasets: NSL-KDD and KDDCUP'99. The performance of the proposed model is evaluated using four performance metrics: accuracy, recall, F1-score, and precision. The experimental results show that the proposed approach achieved better accuracy (99%) compared with other IDSs.

computer science, theory & methods, interdisciplinary applications

Pengfei Sun,Pengju Liu,Qi Li,Chenxi Liu,Xiangling Lu,Ruochen Hao,Jinpeng Chen

DOI: https://doi.org/10.1155/2020/8890306

IF: 1.968

2020-08-28

Security and Communication Networks

Abstract:Many studies utilized machine learning schemes to improve network intrusion detection systems recently. Most of the research is based on manually extracted features, but this approach not only requires a lot of labor costs but also loses a lot of information in the original data, resulting in low judgment accuracy and cannot be deployed in actual situations. This paper develops a DL-IDS (deep learning-based intrusion detection system), which uses the hybrid network of Convolutional Neural Network (CNN) and Long Short-Term Memory Network (LSTM) to extract the spatial and temporal features of network traffic data and to provide a better intrusion detection system. To reduce the influence of an unbalanced number of samples of different attack types in model training samples on model performance, DL-IDS used a category weight optimization method to improve the robustness. Finally, DL-IDS is tested on CICIDS2017, a reliable intrusion detection dataset that covers all the common, updated intrusions and cyberattacks. In the multiclassification test, DL-IDS reached 98.67% in overall accuracy, and the accuracy of each attack type was above 99.50%.

computer science, information systems,telecommunications

Geetha T V,Deepa A J,Mary Linda M

DOI: https://doi.org/10.1007/s10489-024-05505-y

IF: 5.3

2024-05-25

Applied Intelligence

Abstract:The Intrusion Detection System (IDS) distinguishes the harmful entries from the normal ones in network traffic data and aids in network security. Due to the emergence of new and unknown network-connected devices, a lot of modern systems were penetrated. As a result, it is critical to improve information security and to detect new cyber-attacks exploiting various application protocols such as Hyper Text Transfer Protocol (HTTP) and Domain Name System (DNS). Therefore, this paper introduced an Optimized Bidirectional Convolutional Neural Network and Long-Short term Memory (OBCLSTM) method to detect whether the protocol HTTP and DNS is attacked or not. Initially, the records are fed to data normalization and data encoding. After pre-processing, the vectors are fed to the OBCLSTM model. The Bidirectional Channel Pooling (BiCP) layer is used to learn behavior-based features (which show interactions among hosts based on ports, destinations and behavior) and flow-based features (which identify basic flows, such as IP addresses of source-destination and ports), which improves the accuracy of detecting malicious attacks. In the OBCLSTM model, the best hyper parameter configuration for Convolutional Neural Network (CNN) to learn features is tuned using Enhanced Red Fox Optimization (ERFO). Then, bidirectional long short-term memory (BiLSTM) is used to extract features in the time domain and has the ability to preserve the long-term of the information from historical context, allowing attackers to be detected early before causing widespread damage to networks. Finally, the fully connected layer utilizes these features to classify the network data as attacks (types of attacks) or normal. Tests are conducted on the NSL - KDD99, TUIDS, UNSW-NB15 and BoT-IoT datasets. The proposed OBCLSTM method attains better performance in terms of precision, accuracy, recall, and F-measure.

computer science, artificial intelligence

Asmaa Halbouni,Teddy Surya Gunawan,Mohamed Hadi Habaebi,Murad Halbouni,Mira Kartiwi,Robiah Ahmad

DOI: https://doi.org/10.1109/access.2022.3206425

IF: 3.9

2022-09-30

IEEE Access

Abstract:Network security becomes indispensable to our daily interactions and networks. As attackers continue to develop new types of attacks and the size of networks continues to grow, the need for an effective intrusion detection system has become critical. Numerous studies implemented machine learning algorithms to develop an effective IDS; however, with the advent of deep learning algorithms and artificial neural networks that can generate features automatically without human intervention, researchers began to rely on deep learning. In our research, we took advantage of the Convolutional Neural Network's ability to extract spatial features and the Long Short-Term Memory Network's ability to extract temporal features to create a hybrid intrusion detection system model. We added batch normalization and dropout layers to the model to increase its performance. Based on the binary and multiclass classification, the model was trained using three datasets: CIC-IDS 2017, UNSW-NB15, and WSN-DS. The confusion matrix determines the system's effectiveness, which includes evaluation criteria such as accuracy, precision, detection rate, F1-score, and false alarm rate (FAR). The effectiveness of the proposed model was demonstrated by experimental results showing a high detection rate, high accuracy, and a relatively low FAR.

Congyuan Xu,Jizhong Shen,Xin Du,Fan Zhang

DOI: https://doi.org/10.1109/access.2018.2867564

IF: 3.9

2018-01-01

IEEE Access

Abstract:To improve the performance of network intrusion detection systems (IDS), we applied deep learning theory to intrusion detection and developed a deep network model with automatic feature extraction. In this paper, we consider the characteristics of the time-related intrusion and propose a novel IDS that consists of a recurrent neural network with gated recurrent units (GRU), multilayer perceptron (MLP), and softmax module. Experiments on the well-known KDD 99 and NSL-KDD data sets show that the system has leading performance. The overall detection rate was 99.42% using KDD 99 and 99.31% using NSL-KDD with false positive rates as low as 0.05% and 0.84%, respectively. In particular, for detecting the denial of service attacks, the system achieved detection rates of 99.98% and 99.55%, respectively. Comparative experiments showed that the GRU is more suitable as a memory unit for IDS than LSTM, and proved that it is an effective simplification and improvement of LSTM. Moreover, the bidirectional GRU can reach the best performance compared with the recently published methods.

Ke Cao,Jinqi Zhu,Weijia Feng,Chunmei Ma,Ming Liu,Tian Du

DOI: https://doi.org/10.1109/iwcmc51323.2021.9498652

2021-01-01

Abstract:With the rapid development of the Internet of Things (IoT), the continuous emergence of cyberattacks have brought great threat to the security of the network. Intrusion Detection System (IDS) which can identify malicious network attacks has become a strong tool to ensure network security. Many deep learning-based approaches have been used in IDS. However, most of these researches ignore the internal structural characteristics of the network traffic, and cannot accurately learn the key features of the malicious traffic. Thus, they have a low accuracy in classifying different kinds of network attacks. In this paper, we build an intrusion detection model DAL (Dense-Attention-LSTM, DAL), in which dense dilated convolutions is used to extract the underlying features of the network traffic. Then, attention mechanism is utilized to capture key features which represent the structural characteristics of traffic data. Moreover, CuDNN-based long short-term memory network is used to learn time-related information of the traffic while accelerating the convergence of the model. Finally, global maxpooling is adopted to compress data and to improve the generalization capabilities of the proposed model. Experimental results on UNSW-NB15 dataset show that the binary classification accuracy of the proposed model is up to 92.65%. Further, it can also identify various attacks with the accuracy of 81.28%. The performance of our model is better than some competing machine learning methods and some deep learning methods. We published our code at https://github.co-m/cKiNg37/IDS-model-DAL.

S. Kanumalli,L. K,Rajeswari A,Tejaswi M,Samyuktha P

DOI: https://doi.org/10.1109/ICAIS56108.2023.10073719

2023-02-02

Abstract:As cloud technologies are used more frequently, network intrusion detection systems are becoming increasingly well-liked. Due to ever-increasing network traffic and the regular emergence of new types of assaults, Network Intrusion Detection (NIDS) came into existence as a key aspect of network security and must be extremely effective. These kind of IDS systems employ either an anomaly detection system based on machine learning or a system for matching patterns. The False Positive Rate for pattern matching approaches is high, but AI/ML-based systems determine the possibility of an attack by identifying a metric or characteristic or a connection between a number of metrics or characteristics. The most popular models include KNN, SVM, and others, they only work on a small range of traits, are not very accurate, and have a high False Positive Rate. This study created a deep learning system to learn the temporal and spatial data properties using the advantages of CNN and Bidirectional LSTM. The system present in this paper is trained and analyzed using the openly available dataset NSL-KDD. The proposed model has a high rate of detection and a low incidence of false positives. A lot of cutting-edge Network Intrusion Detection systems that use Machine Learning/Deep Learning models perform better than the suggested model.

Engineering,Computer Science

Noor Wali Khan,Mohammed S Alshehri,Muazzam A Khan,Sultan Almakdi,Naghmeh Moradpoor,Abdulwahab Alazeb,Safi Ullah,Naila Naz,Jawad Ahmad

DOI: https://doi.org/10.3934/mbe.2023602

2023-06-13

Abstract:The Internet of Things (IoT) is a rapidly evolving technology with a wide range of potential applications, but the security of IoT networks remains a major concern. The existing system needs improvement in detecting intrusions in IoT networks. Several researchers have focused on intrusion detection systems (IDS) that address only one layer of the three-layered IoT architecture, which limits their effectiveness in detecting attacks across the entire network. To address these limitations, this paper proposes an intelligent IDS for IoT networks based on deep learning algorithms. The proposed model consists of a recurrent neural network and gated recurrent units (RNN-GRU), which can classify attacks across the physical, network, and application layers. The proposed model is trained and tested using the ToN-IoT dataset, specifically collected for a three-layered IoT system, and includes new types of attacks compared to other publicly available datasets. The performance analysis of the proposed model was carried out by a number of evaluation metrics such as accuracy, precision, recall, and F1-measure. Two optimization techniques, Adam and Adamax, were applied in the evaluation process of the model, and the Adam performance was found to be optimal. Moreover, the proposed model was compared with various advanced deep learning (DL) and traditional machine learning (ML) techniques. The results show that the proposed system achieves an accuracy of 99% for network flow datasets and 98% for application layer datasets, demonstrating its superiority over previous IDS models.

Niraj Thapa,Zhipeng Liu,B. KC Dukka,Balakrishna Gokaraju,Kaushik Roy,Dukka B. KC

DOI: https://doi.org/10.3390/fi12100167

2020-09-30

Future Internet

Abstract:The development of robust anomaly-based network detection systems, which are preferred over static signal-based network intrusion, is vital for cybersecurity. The development of a flexible and dynamic security system is required to tackle the new attacks. Current intrusion detection systems (IDSs) suffer to attain both the high detection rate and low false alarm rate. To address this issue, in this paper, we propose an IDS using different machine learning (ML) and deep learning (DL) models. This paper presents a comparative analysis of different ML models and DL models on Coburg intrusion detection datasets (CIDDSs). First, we compare different ML- and DL-based models on the CIDDS dataset. Second, we propose an ensemble model that combines the best ML and DL models to achieve high-performance metrics. Finally, we benchmarked our best models with the CIC-IDS2017 dataset and compared them with state-of-the-art models. While the popular IDS datasets like KDD99 and NSL-KDD fail to represent the recent attacks and suffer from network biases, CIDDS, used in this research, encompasses labeled flow-based data in a simulated office environment with both updated attacks and normal usage. Furthermore, both accuracy and interpretability must be considered while implementing AI models. Both ML and DL models achieved an accuracy of 99% on the CIDDS dataset with a high detection rate, low false alarm rate, and relatively low training costs. Feature importance was also studied using the Classification and regression tree (CART) model. Our models performed well in 10-fold cross-validation and independent testing. CART and convolutional neural network (CNN) with embedding achieved slightly better performance on the CIC-IDS2017 dataset compared to previous models. Together, these results suggest that both ML and DL methods are robust and complementary techniques as an effective network intrusion detection system.

Jay Sinha,M. Manollas

DOI: https://doi.org/10.1145/3430199.3430224

2020-06-26

Abstract:The need for Network Intrusion Detection systems has risen since usage of cloud technologies has become mainstream. With the ever growing network traffic, Network Intrusion Detection is a critical part of network security and a very efficient NIDS is a must, given new variety of attack arises frequently. These Intrusion Detection systems are built on either a pattern matching system or AI/ML based anomaly detection system. Pattern matching methods usually have a high False Positive Rates whereas the AI/ML based method, relies on finding metric/feature or correlation between set of metrics/features to predict the possibility of an attack. The most common of these is KNN, SVM etc., operate on a limited set of features and have less accuracy and still suffer from higher False Positive Rates. In this paper, we propose a deep learning model combining the distinct strengths of a Convolutional Neural Network and a Bi-directional LSTM to incorporate learning of spatial and temporal features of the data. For this paper, we use publicly available datasets NSL-KDD and UNSW-NB15 to train and test the model. The proposed model offers a high detection rate and comparatively lower False Positive Rate. The proposed model performs better than many state-of-the-art Network Intrusion Detection systems leveraging Machine Learning/Deep Learning models.

Yakubu Imrana,Yanping Xiang,Liaqat Ali,Zaharawu Abdul-Rauf

DOI: https://doi.org/10.1016/j.eswa.2021.115524

IF: 8.5

2021-01-01

Expert Systems with Applications

Abstract:The rise in computer networks and internet attacks has become alarming for most service providers. It has triggered the need for the development and implementation of intrusion detection systems (IDSs) to help prevent and or mitigate the challenges posed by network intruders. Over the years, intrusion detection systems have played and continue to play a very significant role in spotting network attacks and anomalies. Numerous researchers around the globe have proposed many IDSs to combat the threat of network invaders. However, most of the previously proposed IDSs have high rates of raising false alarms. Additionally, most existing models suffer the difficulty of detecting the different attack types, especially User-to-Root (U2R) and Remote-to-Local (R2L) attacks. These two types of attacks often appear to have lower detection accuracy for the existing models. Hence, in this paper, we propose a bidirectional Long-Short-Term-Memory (BiDLSTM) based intrusion detection system to handle the challenges mentioned above. To train and measure our model's performance, we use the NSL-KDD dataset, a benchmark dataset for most IDSs. Experimental results show and validate the effectiveness of the BiDLSTM approach. It outperforms conventional LSTM and other state-of-the-art models in terms of accuracy, precision, recall, and F-score values. It also has a much more reduced false alarm rate than the existing models. Furthermore, the BiDLSTM model achieves a higher detection accuracy for U2R and R2L attacks than the conventional LSTM.

Kai Jin,Lei Zhang,Yujie Zhang,Duo Sun,Xiaoyuan Zheng

DOI: https://doi.org/10.3390/electronics12204329

IF: 2.9

2023-10-19

Electronics

Abstract:The current mainstream intrusion detection models often have a high false negative rate, significantly affecting intrusion detection systems' (IDSs) practicability. To address this issue, we propose an intrusion detection model based on a multi-scale one-dimensional convolutional neural network module (MS1DCNN), an efficient channel attention module (ECA), and two bidirectional long short-term memory modules (BiLSTMs). The proposed hybrid MS1DCNN-ECA-BiLSTM model uses the MS1DCNN module to extract features with a different granularity from the input data and uses the ECA module to enhance the weight of important features. Finally, the model carries out sequence learning through two BiLSTM layers. We use the dung beetle optimizer (DBO) to optimize the hyperparameters in the model to obtain better classification results. Additionally, we use the synthetic minority oversampling technique (SMOTE) to fill several samples to reduce the local false negative rate. In this paper, we train and test the model using accurate network data from a water storage industrial control system. In the multi-classification experiment, the model's accuracy was 97.04%, the precision was 97.17%, and the false negative rate was 2.95%; in the binary classification experiment, the accuracy and false negative rate were 99.30% and 0.7%. Compared with other mainstream methods, our model has a higher score. This study provides a new algorithm for the intrusion detection of industrial control systems.

engineering, electrical & electronic,computer science, information systems,physics, applied

Arshad Hashmi,Omar M Barukab,Ahmad Hamza Osman

DOI: https://doi.org/10.1371/journal.pone.0302294

IF: 3.7

2024-05-23

PLoS ONE

Abstract:Due to the recent advances in the Internet and communication technologies, network systems and data have evolved rapidly. The emergence of new attacks jeopardizes network security and make it really challenging to detect intrusions. Multiple network attacks by an intruder are unavoidable. Our research targets the critical issue of class imbalance in intrusion detection, a reflection of the real-world scenario where legitimate network activities significantly out number malicious ones. This imbalance can adversely affect the learning process of predictive models, often resulting in high false-negative rates, a major concern in Intrusion Detection Systems (IDS). By focusing on datasets with this imbalance, we aim to develop and refine advanced algorithms and techniques, such as anomaly detection, cost-sensitive learning, and oversampling methods, to effectively handle such disparities. The primary goal is to create models that are highly sensitive to intrusions while minimizing false alarms, an essential aspect of effective IDS. This approach is not only practical for real-world applications but also enhances the theoretical understanding of managing class imbalance in machine learning. Our research, by addressing these significant challenges, is positioned to make substantial contributions to cybersecurity, providing valuable insights and applicable solutions in the fight against digital threats and ensuring robustness and relevance in IDS development. An intrusion detection system (IDS) checks network traffic for security, availability, and being non-shared. Despite the efforts of many researchers, contemporary IDSs still need to further improve detection accuracy, reduce false alarms, and detect new intrusions. The mean convolutional layer (MCL), feature-weighted attention (FWA) learning, a bidirectional long short-term memory (BILSTM) network, and the random forest algorithm are all parts of our unique hybrid model called MCL-FWA-BILSTM. The CNN-MCL layer for feature extraction receives data after preprocessing. After convolution, pooling, and flattening phases, feature vectors are obtained. The BI-LSTM and self-attention feature weights are used in the suggested method to mitigate the effects of class imbalance. The attention layer and the BI-LSTM features are concatenated to create mapped features before feeding them to the random forest algorithm for classification. Our methodology and model performance were validated using NSL-KDD and UNSW-NB-15, two widely available IDS datasets. The suggested model's accuracies on binary and multi-class classification tasks using the NSL-KDD dataset are 99.67% and 99.88%, respectively. The model's binary and multi-class classification accuracies on the UNSW-NB15 dataset are 99.56% and 99.45%, respectively. Further, we compared the suggested approach with other previous machine learning and deep learning models and found it to outperform them in detection rate, FPR, and F-score. For both binary and multiclass classifications, the proposed method reduces false positives while increasing the number of true positives. The model proficiently identifies diverse network intrusions on computer networks and accomplishes its intended purpose. The suggested model will be helpful in a variety of network security research fields and applications.

Chia-Ming Hsu,Muhammad Zulfan Azhari,He-Yen Hsieh,Setya Widyawan Prakosa,Jenq-Shiou Leu

DOI: https://doi.org/10.1007/s11036-020-01623-2

2020-07-21

Mobile Networks and Applications

Abstract:The intrusion detection system (IDS) is a crucial part in the network administration system to detect some types of cyber attack. IDS is categorized as a classifying machine thus it is likely to engage with the machine learning schemes. Many studies have demonstrated how to apply machine learning schemes to IDS even though they cannot provide optimum results. To tackle this issue, deep learning schemes can be considered as the solution due to its achievement in several fields. Therefore, in this study, we propose a deep learning model which is constructed based on convolutional neural network (CNN) layers and using Long-Short Term Memory (LSTM) layers called CNN-LSTM to classify every single traffic network. We use NSL-KDD dataset as the benchmark thus we can compare the performance of our proposed method with other existing works. This dataset includes two testing sets which are the first one is <i>K</i><i>D</i><i>D</i><i>T</i><i>e</i><i>s</i><i>t</i>⁺ while the second one is <i>K</i><i>D</i><i>D</i><i>T</i><i>e</i><i>s</i><i>t</i>^− 21 which is more difficult to be classified. The results show that our proposed method outperforms other existing works.

computer science, information systems,telecommunications, hardware & architecture

Yanfang Fu,Yishuai Du,Zijian Cao,Qiang Li,Wei Xiang

DOI: https://doi.org/10.3390/electronics11060898

IF: 2.9

2022-03-14

Electronics

Abstract:With an increase in the number and types of network attacks, traditional firewalls and data encryption methods can no longer meet the needs of current network security. As a result, intrusion detection systems have been proposed to deal with network threats. The current mainstream intrusion detection algorithms are aided with machine learning but have problems of low detection rates and the need for extensive feature engineering. To address the issue of low detection accuracy, this paper proposes a model for traffic anomaly detection named a deep learning model for network intrusion detection (DLNID), which combines an attention mechanism and the bidirectional long short-term memory (Bi-LSTM) network, first extracting sequence features of data traffic through a convolutional neural network (CNN) network, then reassigning the weights of each channel through the attention mechanism, and finally using Bi-LSTM to learn the network of sequence features. In intrusion detection public data sets, there are serious imbalance data generally. To address data imbalance issues, this paper employs the method of adaptive synthetic sampling (ADASYN) for sample expansion of minority class samples, to eventually form a relatively symmetric dataset, and uses a modified stacked autoencoder for data dimensionality reduction with the objective of enhancing information fusion. DLNID is an end-to-end model, so it does not need to undergo the process of manual feature extraction. After being tested on the public benchmark dataset on network intrusion detection NSL-KDD, experimental results show that the accuracy and F1 score of this model are better than those of other comparison methods, reaching 90.73% and 89.65%, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied

Salwa Elsayed,Khalil Mohamed,Mohamed Ashraf Madkour

DOI: https://doi.org/10.1109/access.2024.3389096

IF: 3.9

2024-05-03

IEEE Access

Abstract:This study introduces a deep learning approach for network intrusion detection (NIDS), which excels in both binary and multi-classification tasks. This approach combines the strengths of six distinct deep learning algorithms: DNN, CNN, RNN, LSTM, GRU, and a Hybrid CNN-LSTM architecture. The NSL-KDD dataset, a widely recognized benchmark for intrusion detection research, was utilized for implementation and evaluation. In binary classification, the approach demonstrates exceptional capabilities, with the GRU approach outperforming others. Similarly, the DNN, LSTM, CNN, and RNN approaches exhibit robust performance, showcasing their efficacy in detecting anomalies within network data. In the multi-classification setting, the DNN approach stands out with outstanding performance. While other approaches, including RNN, CNN, LSTM, GRU, and the Hybrid CNN-LSTM approach, also maintain commendable results, the DNN approach proves to be the most effective in handling complex network patterns. This research provides valuable insights into the application of deep learning approaches using the NSL-KDD dataset for network anomaly detection, emphasizing their versatility and reliability across different classification scenarios. The findings lay the groundwork for further exploration and utilization of deep learning methodologies in enhancing network security.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chao Liu,Zhaojun Gu,Jialiang Wang

DOI: https://doi.org/10.1109/access.2021.3082147

IF: 3.9

2021-01-01

IEEE Access

Abstract:Digital assets have come under various network security threats in the digital age. As a kind of security equipment to protect digital assets, intrusion detection system (IDS) is less efficient if the alert is not timely and IDS is useless if the accuracy cannot meet the requirements. Therefore, an intrusion detection model that combines machine learning with deep learning is proposed in this paper. The model uses the k-means and the random forest (RF) algorithms for the binary classification, and distributed computing of these algorithms is implemented on the Spark platform to quickly classify normal events and attack events. Then, by using the convolutional neural network (CNN), long short-term memory (LSTM), and other deep learning algorithms, the events judged as abnormal are further classified into different attack types finally. At this stage, adaptive synthetic sampling (ADASYN) is adopted to solve the unbalanced dataset. The NSL-KDD and CIS-IDS2017 datasets are used to evaluate the performance of the proposed model. The experimental results show that the proposed model has better TPR for most of attack events, faster data preprocessing speed, and potentially less training time. In particular, the accuracy of multi-target classification can reach as high as 85.24% in the NSL-KDD dataset and 99.91% in the CIC-IDS2017 dataset.

computer science, information systems,telecommunications,engineering, electrical & electronic