Siva Surya Narayana Chintapalli,Satya Prakash Singh,Jaroslav Frnda,Parameshachari Bidare Divakarachari,Vijaya Lakshmi Sarraju,Przemysław Falkowski-Gilski

DOI: https://doi.org/10.1016/j.heliyon.2024.e29410

IF: 3.776

2024-04-13

Heliyon

Abstract:Currently, the Internet of Things (IoT) generates a huge amount of traffic data in communication and information technology. The diversification and integration of IoT applications and terminals make IoT vulnerable to intrusion attacks. Therefore, it is necessary to develop an efficient Intrusion Detection System (IDS) that guarantees the reliability, integrity, and security of IoT systems. The detection of intrusion is considered a challenging task because of inappropriate features existing in the input data and the slow training process. In order to address these issues, an effective meta heuristic based feature selection and deep learning techniques are developed for enhancing the IDS. The Osprey Optimization Algorithm (OOA) based feature selection is proposed for selecting the highly informative features from the input which leads to an effective differentiation among the normal and attack traffic of network. Moreover, the traditional sigmoid and tangent activation functions are replaced with the Exponential Linear Unit (ELU) activation function to propose the modified Bi-directional Long Short Term Memory (Bi-LSTM). The modified Bi-LSTM is used for classifying the types of intrusion attacks. The ELU activation function makes gradients extremely large during back-propagation and leads to faster learning. This research is analysed in three different datasets such as N-BaIoT, Canadian Institute for Cybersecurity Intrusion Detection Dataset 2017 (CICIDS-2017), and ToN-IoT datasets. The empirical investigation states that the proposed framework obtains impressive detection accuracy of 99.98 %, 99.97 % and 99.88 % on the N-BaIoT, CICIDS-2017, and ToN-IoT datasets, respectively. Compared to peer frameworks, this framework obtains high detection accuracy with better interpretability and reduced processing time.

S. Kanumalli,L. K,Rajeswari A,Tejaswi M,Samyuktha P

DOI: https://doi.org/10.1109/ICAIS56108.2023.10073719

2023-02-02

Abstract:As cloud technologies are used more frequently, network intrusion detection systems are becoming increasingly well-liked. Due to ever-increasing network traffic and the regular emergence of new types of assaults, Network Intrusion Detection (NIDS) came into existence as a key aspect of network security and must be extremely effective. These kind of IDS systems employ either an anomaly detection system based on machine learning or a system for matching patterns. The False Positive Rate for pattern matching approaches is high, but AI/ML-based systems determine the possibility of an attack by identifying a metric or characteristic or a connection between a number of metrics or characteristics. The most popular models include KNN, SVM, and others, they only work on a small range of traits, are not very accurate, and have a high False Positive Rate. This study created a deep learning system to learn the temporal and spatial data properties using the advantages of CNN and Bidirectional LSTM. The system present in this paper is trained and analyzed using the openly available dataset NSL-KDD. The proposed model has a high rate of detection and a low incidence of false positives. A lot of cutting-edge Network Intrusion Detection systems that use Machine Learning/Deep Learning models perform better than the suggested model.

Engineering,Computer Science

Arshad Hashmi,Omar M Barukab,Ahmad Hamza Osman

DOI: https://doi.org/10.1371/journal.pone.0302294

IF: 3.7

2024-05-23

PLoS ONE

Abstract:Due to the recent advances in the Internet and communication technologies, network systems and data have evolved rapidly. The emergence of new attacks jeopardizes network security and make it really challenging to detect intrusions. Multiple network attacks by an intruder are unavoidable. Our research targets the critical issue of class imbalance in intrusion detection, a reflection of the real-world scenario where legitimate network activities significantly out number malicious ones. This imbalance can adversely affect the learning process of predictive models, often resulting in high false-negative rates, a major concern in Intrusion Detection Systems (IDS). By focusing on datasets with this imbalance, we aim to develop and refine advanced algorithms and techniques, such as anomaly detection, cost-sensitive learning, and oversampling methods, to effectively handle such disparities. The primary goal is to create models that are highly sensitive to intrusions while minimizing false alarms, an essential aspect of effective IDS. This approach is not only practical for real-world applications but also enhances the theoretical understanding of managing class imbalance in machine learning. Our research, by addressing these significant challenges, is positioned to make substantial contributions to cybersecurity, providing valuable insights and applicable solutions in the fight against digital threats and ensuring robustness and relevance in IDS development. An intrusion detection system (IDS) checks network traffic for security, availability, and being non-shared. Despite the efforts of many researchers, contemporary IDSs still need to further improve detection accuracy, reduce false alarms, and detect new intrusions. The mean convolutional layer (MCL), feature-weighted attention (FWA) learning, a bidirectional long short-term memory (BILSTM) network, and the random forest algorithm are all parts of our unique hybrid model called MCL-FWA-BILSTM. The CNN-MCL layer for feature extraction receives data after preprocessing. After convolution, pooling, and flattening phases, feature vectors are obtained. The BI-LSTM and self-attention feature weights are used in the suggested method to mitigate the effects of class imbalance. The attention layer and the BI-LSTM features are concatenated to create mapped features before feeding them to the random forest algorithm for classification. Our methodology and model performance were validated using NSL-KDD and UNSW-NB-15, two widely available IDS datasets. The suggested model's accuracies on binary and multi-class classification tasks using the NSL-KDD dataset are 99.67% and 99.88%, respectively. The model's binary and multi-class classification accuracies on the UNSW-NB15 dataset are 99.56% and 99.45%, respectively. Further, we compared the suggested approach with other previous machine learning and deep learning models and found it to outperform them in detection rate, FPR, and F-score. For both binary and multiclass classifications, the proposed method reduces false positives while increasing the number of true positives. The model proficiently identifies diverse network intrusions on computer networks and accomplishes its intended purpose. The suggested model will be helpful in a variety of network security research fields and applications.

Kanna, P. Rajesh,Santhi, P.

DOI: https://doi.org/10.1007/s11277-024-11607-0

IF: 2.017

2024-10-08

Wireless Personal Communications

Abstract:Recent advancements in information and communication technologies have led to a proliferation of online systems and services. To ensure these systems' trustworthiness and prevent cybersecurity threats, Intrusion Detection Systems (IDS) are essential. Therefore, developing advanced and intelligent IDS models has become crucial. However, most existing IDS models rely on traditional machine learning algorithms with shallow learning behaviours, resulting in less efficient feature selection and classification performance for new attacks. Another issue is that these approaches are either network-based or host-based, often leading to the detection module missing many known attacks. Additionally, they struggle to handle the massive amounts of network traffic data flexible and scalable due to high model complexity. To address these challenges, an efficient hybrid IDS model is introduced, utilizing a MapReduce-based Black Widow Optimized Convolutional-Long Short-Term Memory (BWO-CONV-LSTM) network. The first stage of this IDS model involves feature selection using the Artificial Bee Colony (ABC) algorithm. The second stage employs a hybrid deep learning classifier model of BWO-CONV-LSTM on a MapReduce framework for intrusion detection from system traffic data. The proposed BWO-CONV-LSTM network combines Convolutional and LSTM neural networks, with hyper-parameters optimized by BWO to achieve the ideal architecture. The BWO-CONV-LSTM-based IDS model performance evaluations were conducted on the NSL-KDD, ISCX-IDS, UNSWNB15, and CSE-CIC-IDS2018 datasets. The results show that the proposed model achieves high intrusion detection performance, with accuracy rates of 98.67%, 97.003%, 98.667%, and 98.25% for the NSL-KDD, ISCX-IDS, UNSWNB15, and CSE-CIC-IDS2018 datasets, respectively. It also demonstrates fewer false values, reduced computation time, and improved classification coefficients.

telecommunications

Ramkumar Devendiran,Anil V Turukmane

DOI: https://doi.org/10.1016/j.eswa.2023.123027

IF: 8.5

2024-01-13

Expert Systems with Applications

Abstract:Network intrusion is a huge harmful activity to the privacy of the data sharing network. The activity will result in a cyber-attack, which causes damage to the system as well as the user's data. Unauthorized activities such as data tampering, illegal access to data and theft of credentials are increasing on the internet world every day. The detection of intrusion may be done by multiple methodologies; still, it is the biggest issue in the networks. Hence, an automated attack classification model is required to promote classification accuracy with fewer error possibilities based on the input parameters. To get relief from the insecurity of data, this paper presents an innovative model using deep networks. The proposed model is a deep learning based network intrusion detection system using a chaotic optimization strategy . The method is pre-processed using data cleansing and M-squared normalization. After pre-processing, the unbalanced datasets are balanced using the Extended Synthetic Sampling approach. After balancing, the features of the dataset are taken out using kernel-assisted principal component analysis. The optimal features are selected by the Chaotic Honey Badger optimization algorithm . After all required features have been extracted, the attacks are classified by the Gated Attention Dual Long Short Term Memory (Dugat-LSTM). The above process is performed using the TON-IOT and NSL-KDD datasets. The prototype is evaluated using the following metrics: accuracy, precision, recall, and F1 score. The accuracy value of the proposed model is 98.76% in the TON-IOT dataset and 99.65% in the NSL-KDD dataset. Thus, the accuracy and robustness of the model show that it outperforms other existing models.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Jay Sinha,M. Manollas

DOI: https://doi.org/10.1145/3430199.3430224

2020-06-26

Abstract:The need for Network Intrusion Detection systems has risen since usage of cloud technologies has become mainstream. With the ever growing network traffic, Network Intrusion Detection is a critical part of network security and a very efficient NIDS is a must, given new variety of attack arises frequently. These Intrusion Detection systems are built on either a pattern matching system or AI/ML based anomaly detection system. Pattern matching methods usually have a high False Positive Rates whereas the AI/ML based method, relies on finding metric/feature or correlation between set of metrics/features to predict the possibility of an attack. The most common of these is KNN, SVM etc., operate on a limited set of features and have less accuracy and still suffer from higher False Positive Rates. In this paper, we propose a deep learning model combining the distinct strengths of a Convolutional Neural Network and a Bi-directional LSTM to incorporate learning of spatial and temporal features of the data. For this paper, we use publicly available datasets NSL-KDD and UNSW-NB15 to train and test the model. The proposed model offers a high detection rate and comparatively lower False Positive Rate. The proposed model performs better than many state-of-the-art Network Intrusion Detection systems leveraging Machine Learning/Deep Learning models.

S Sivamohan,S S Sridhar

DOI: https://doi.org/10.1007/s00521-023-08319-0

Abstract:Industry 4.0 enable novel business cases, such as client-specific production, real-time monitoring of process condition and progress, independent decision making and remote maintenance, to name a few. However, they are more susceptible to a broad range of cyber threats because of limited resources and heterogeneous nature. Such risks cause financial and reputational damages for businesses, well as the theft of sensitive information. The higher level of diversity in industrial network prevents the attackers from such attacks. Therefore, to efficiently detect the intrusions, a novel intrusion detection system known as Bidirectional Long Short-Term Memory based Explainable Artificial Intelligence framework (BiLSTM-XAI) is developed. Initially, the preprocessing task using data cleaning and normalization is performed to enhance the data quality for detecting network intrusions. Subsequently, the significant features are selected from the databases using the Krill herd optimization (KHO) algorithm. The proposed BiLSTM-XAI approach provides better security and privacy inside the industry networking system by detecting intrusions very precisely. In this, we utilized SHAP and LIME explainable AI algorithms to improve interpretation of prediction results. The experimental setup is made by MATLAB 2016 software using Honeypot and NSL-KDD datasets as input. The analysis result reveals that the proposed method achieves superior performance in detecting intrusions with a classification accuracy of 98.2%.

Kuljeet Singh,Amit Mahajan,Vibhakar Mansotra

DOI: https://doi.org/10.1504/ijsnet.2023.135851

2024-01-10

International Journal of Sensor Networks

Abstract:Due to the continued and unabated increase in the number of cyber-attacks, the need for improved network security architecture is more apparent. The deep learning approach plays a pivotal role by classifying network traffic and identifying malicious records. However, this approach is often met with twin challenges of the high dimensionality of data and imbalanced ratio of attack labels within the data. To mitigate these issues and achieve a better detection rate, this research has proposed a new intrusion detection framework based on three main components; feature selection, oversampling, and hybrid CNN-LSTM classifier. This study deployed information gain, chi-square, basic methods, L1 regularisation, and random forest classifier as five feature selection methods and SMOTE for handling class imbalance. The experimental results, conducted using the CICIDS2017 dataset, have shown that the proposed model has demonstrated better performance in the detection of network attacks with more than 99% detection rate. Results established that number of features can be significantly reduced without altering the accuracy and oversampling has helped in improving the detection rate of minority attack labels.

computer science, information systems,telecommunications

N. Faruk,Stephen Ojo,J. B. Awotunde,R. Jimoh,Jesufemi Ayotomide Bamigbaye,M. B. Akanbi,A. Imoize

DOI: https://doi.org/10.1109/ITED56637.2022.10051526

2022-11-01

Abstract:A diversity of harmful software has been created as a result of the dramatic increase in internet usage, posing major risks to computer security. There is a great probability that the numerous computing operations performed through the network will be interfered with or altered, and as a result, effective intrusion detection systems are imperative. In addition, the attacks on the network are unpredictable, something that emphasizes the value of creating effective classification and prediction models. Machine learning (ML) and Deep Learning techniques have been used to evaluate datasets for intrusion detection systems (IDS). The employment of the DL-based approach enabled by feature selection helps to address challenges with data quality, handling high-dimensional data, and other related issues. Therefore, due to the large nature and volume of the IDS datasets, and the ability of DL-based models to learn categories incrementally through their hidden layer architecture to produce more accurate results in big data, this study proposes a Long-Short-Term-Memory (LSTM) model, and to further enhance the classification capacity of the projected DL method, the cuckoo search algorithm was introduced to select optimal features from the wireframe. The accuracy and subsequent detection of the suggested model positive and negative rates were evaluated. The experimental results show that the LSTM outperformed some other existing models with the highest classification accuracy of 99.7% and an error rate of 0.006.

Engineering,Computer Science

Monika Khatkar,Kaushal Kumar,Brijesh Kumar,Asha Sohal,Kriti Sharma,Amita Bisht,B. Sankara Babu,Monica Gulati,M. Manasa,S. Swadesh Kumar

DOI: https://doi.org/10.1051/e3sconf/202343001182

2023-10-07

E3S Web of Conferences

Abstract:Concerns about cyber threats have emerged as the expansion of system connectivity and the proliferation of system applications intensified in the industry. This has underscored the necessity for a robust defense mechanism against various cyber threats, including potential intrusions from malicious actors within the network. A specially targeted system is the intrusion detection system (IDS), designed to safeguard the confidentiality, integrity, and availability of network traffic, especially in critical sectors like healthcare. Recent advancements in the area of IDS involve the utilization of artificial intelligence (AI) and deep learning (DL) based IDS to efficiently recognize network issues. Notably, the research at hand adopts a deep learning approach employing Long Short Term Memory (LSTM) models, applied to the CICIDS-2019 dataset that is sourced from New Brunswick University's website. The focal point of evaluation lies in the precision, recall, F1-score, and accuracy metrics, specifically analyzing its performance in identifying Denial-of-Service (DoS) cyber-attacks. The findings of this study lighten the superior performance of the Long Short Term Memory method in the realm of intrusion detection systems. The LSTM model showcases its proficiency, particularly in discerning Denial of Service attacks by giving a loss of less than 0.03%.

Jalaiah Saikam,Koteswararao Ch

DOI: https://doi.org/10.1109/access.2024.3350197

IF: 3.9

2024-02-07

IEEE Access

Abstract:Intrusion detection systems (IDS) are crucial to network security by identifying and stopping harmful actions. The network intrusion data are blended into many typical instances due to the dynamic and time-varying networking surroundings. This leads to a lack of instances for training models and detection outcomes with a high false detection rate. In response to the data imbalance issue, we provide a network intrusion detection (NIDS) technique that combines deep networks and hybrid sampling. With the help of the Difficult Set Sampling Technique (DSSTE) algorithm, we first reduce the noise samples in the majority category before applying Deep Convolutional Generative Adversarial Networks (DCGANs) to boost the minority sample size. Additionally, we create a deep network model using DenseNet169 to extract spatial characteristics and Self Attention-based Transformer (SAT-Net) to extract temporal features. This technique accurately extracts the distinctive characteristics of the data. Finally, we employed the Enhanced Elman Spike Neural Network (EESNN) to classify the attack categories. We undertake experiments on the more recent and comprehensive intrusion datasets BOT-IOT, ToN-IoT, and CICIDS2019 to validate the suggested technique. Results indicate that our suggested system outperforms comparable works regarding accuracy, false alarm rate, recall, and precision.

computer science, information systems,telecommunications,engineering, electrical & electronic

Asmaa Halbouni,Teddy Surya Gunawan,Mohamed Hadi Habaebi,Murad Halbouni,Mira Kartiwi,Robiah Ahmad

DOI: https://doi.org/10.1109/access.2022.3206425

IF: 3.9

2022-09-30

IEEE Access

Abstract:Network security becomes indispensable to our daily interactions and networks. As attackers continue to develop new types of attacks and the size of networks continues to grow, the need for an effective intrusion detection system has become critical. Numerous studies implemented machine learning algorithms to develop an effective IDS; however, with the advent of deep learning algorithms and artificial neural networks that can generate features automatically without human intervention, researchers began to rely on deep learning. In our research, we took advantage of the Convolutional Neural Network's ability to extract spatial features and the Long Short-Term Memory Network's ability to extract temporal features to create a hybrid intrusion detection system model. We added batch normalization and dropout layers to the model to increase its performance. Based on the binary and multiclass classification, the model was trained using three datasets: CIC-IDS 2017, UNSW-NB15, and WSN-DS. The confusion matrix determines the system's effectiveness, which includes evaluation criteria such as accuracy, precision, detection rate, F1-score, and false alarm rate (FAR). The effectiveness of the proposed model was demonstrated by experimental results showing a high detection rate, high accuracy, and a relatively low FAR.

S. Pavithra,K. Venkata Vikas

DOI: https://doi.org/10.1109/access.2024.3405187

IF: 3.9

2024-05-31

IEEE Access

Abstract:The growth of cyber threats demands a robust and adaptive intrusion detection system (IDS) capable of effectively recognizing malicious activities from network traffic. However, the existing imbalance of class in network data possesses a significant challenge to traditional IDS. To overcome these challenges, this project proposes a novel hybrid Intrusion Detection System using machine learning algorithms, which includes XGBoost, Long Short-Term Memory (LSTM), Mini-VGGNet, and AlexNet, which is used to handle the unbalanced network traffic data. Furthermore, the Random Forest Regressor is used to ascertain the importance of features for enhancing detection accuracy and interpretability. Addressing the inherent class imbalance in network data is crucial for ensuring the IDS's effectiveness. The proposed system employs a combination of oversampling techniques for minority classes and under sampling techniques for majority classes during data preprocessing. This balanced representation of network traffic data helps prevent the IDS from being biased towards the majority class and improves its ability to detect rare or novel intrusions. The utilization of Random Forest Regressor for feature extraction serves a dual purpose. It helps identify the most relevant features within the network traffic data that contribute significantly to detecting intrusions. It enables the system to prioritize and focus on these important features during model training, thereby enhancing detection accuracy while reducing computational complexity. This research contributes to the ongoing efforts to mitigate cyber threats and safeguard critical network infrastructures.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hafiza Anisa Ahmed,Anum Hameed,Narmeen Zakaria Bawany

DOI: https://doi.org/10.7717/peerj-cs.820

2022-01-07

PeerJ Computer Science

Abstract:The expeditious growth of the World Wide Web and the rampant flow of network traffic have resulted in a continuous increase of network security threats. Cyber attackers seek to exploit vulnerabilities in network architecture to steal valuable information or disrupt computer resources. Network Intrusion Detection System (NIDS) is used to effectively detect various attacks, thus providing timely protection to network resources from these attacks. To implement NIDS, a stream of supervised and unsupervised machine learning approaches is applied to detect irregularities in network traffic and to address network security issues. Such NIDSs are trained using various datasets that include attack traces. However, due to the advancement in modern-day attacks, these systems are unable to detect the emerging threats. Therefore, NIDS needs to be trained and developed with a modern comprehensive dataset which contains contemporary common and attack activities. This paper presents a framework in which different machine learning classification schemes are employed to detect various types of network attack categories. Five machine learning algorithms: Random Forest, Decision Tree, Logistic Regression, K-Nearest Neighbors and Artificial Neural Networks, are used for attack detection. This study uses a dataset published by the University of New South Wales (UNSW-NB15), a relatively new dataset that contains a large amount of network traffic data with nine categories of network attacks. The results show that the classification models achieved the highest accuracy of 89.29% by applying the Random Forest algorithm. Further improvement in the accuracy of classification models is observed when Synthetic Minority Oversampling Technique (SMOTE) is applied to address the class imbalance problem. After applying the SMOTE, the Random Forest classifier showed an accuracy of 95.1% with 24 selected features from the Principal Component Analysis method.

computer science, information systems, artificial intelligence, theory & methods

Pramita Sree Muhuri,Prosenjit Chatterjee,Xiaohong Yuan,Kaushik Roy,Albert Esterline

DOI: https://doi.org/10.3390/info11050243

2020-05-01

Information

Abstract:An intrusion detection system (IDS) identifies whether the network traffic behavior is normal or abnormal or identifies the attack types. Recently, deep learning has emerged as a successful approach in IDSs, having a high accuracy rate with its distinctive learning mechanism. In this research, we developed a new method for intrusion detection to classify the NSL-KDD dataset by combining a genetic algorithm (GA) for optimal feature selection and long short-term memory (LSTM) with a recurrent neural network (RNN). We found that using LSTM-RNN classifiers with the optimal feature set improves intrusion detection. The performance of the IDS was analyzed by calculating the accuracy, recall, precision, f-score, and confusion matrix. The NSL-KDD dataset was used to analyze the performances of the classifiers. An LSTM-RNN was used to classify the NSL-KDD datasets into binary (normal and abnormal) and multi-class (Normal, DoS, Probing, U2R, and R2L) sets. The results indicate that applying the GA increases the classification accuracy of LSTM-RNN in both binary and multi-class classification. The results of the LSTM-RNN classifier were also compared with the results using a support vector machine (SVM) and random forest (RF). For multi-class classification, the classification accuracy of LSTM-RNN with the GA model is much higher than SVM and RF. For binary classification, the classification accuracy of LSTM-RNN is similar to that of RF and higher than that of SVM.

D. Suja Mary,L. Jaya Singh Dhas,A.R. Deepa,Mousmi Ajay Chaurasia,C. Jaspin Jeba Sheela

DOI: https://doi.org/10.1016/j.eswa.2024.123919

IF: 8.5

2024-04-23

Expert Systems with Applications

Abstract:Managing enormous amounts of data, such as big data, and detecting network traffic intrusions are inefficiently handled by current computing technologies. Traditional analytical techniques cannot manage the incursions in continuous internet traffic and the enormous log data of server activity, leading to many inaccurate results and a prolonged training period. As a result, this research provides an efficient deep learning-based approach to enhance the attack identification task by addressing the basic big data complexity linked to many heterogeneous security data types. This framework employs a novel feature selection method incorporating the Aquila Optimizer (AO) and Fuzzy Entropy Mutual Information (FEMI) algorithms to pick distinctive characteristics. Subsequently, a modified canonical correlation-based technique is applied to combine selected characteristics. Then, the intrusion identification and categorization are carried out using the optimized ResNet152V2 method. Additionally, data augmentation using Auxiliary Classifier Generative Adversarial Network (ACGAN) is performed. Finally, we used the CICDDoS2019 and ToN-IoT datasets to validate the suggested methodology. By comparing the presented approach to several baseline methods, the effectiveness of the suggested methodology is assessed using various performance measures, including F1-score, recall, precision, accuracy, confusion matrix, and ROC curve. Finally, simulation results show that the suggested strategy is superior to other existing techniques and demonstrate that it is a resilient solution for network intrusion detection.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Kaiyuan Jiang,Wenya Wang,Aili Wang,Haibin Wu

DOI: https://doi.org/10.1109/access.2020.2973730

IF: 3.9

2020-01-01

IEEE Access

Abstract:Intrusion detection system (IDS) plays an important role in network security by discovering and preventing malicious activities. Due to the complex and time-varying network environment, the network intrusion samples are submerged into a large number of normal samples, which leads to insufficient samples for model training and detection results with a high false detection rate. According to the problem of data imbalance, we propose a network intrusion detection algorithm combined hybrid sampling with deep hierarchical network. Firstly, we use the one-side selection (OSS) to reduce the noise samples in majority category, and then increase the minority samples by Synthetic Minority Over-sampling Technique (SMOTE). In this way, a balanced dataset can be established to make the model fully learn the features of minority samples and greatly reduce the model training time. Secondly, we use convolution neural network (CNN) to extract spatial features and Bi-directional long short-term memory (BiLSTM) to extract temporal features, which forms a deep hierarchical network model. The proposed network intrusion detection algorithm was verified by experiments on the NSL-KDD and UNSW-NB15 dataset, and the classification accuracy can achieve 83.58% and 77.16%, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yanfang Fu,Yishuai Du,Zijian Cao,Qiang Li,Wei Xiang

DOI: https://doi.org/10.3390/electronics11060898

IF: 2.9

2022-03-14

Electronics

Abstract:With an increase in the number and types of network attacks, traditional firewalls and data encryption methods can no longer meet the needs of current network security. As a result, intrusion detection systems have been proposed to deal with network threats. The current mainstream intrusion detection algorithms are aided with machine learning but have problems of low detection rates and the need for extensive feature engineering. To address the issue of low detection accuracy, this paper proposes a model for traffic anomaly detection named a deep learning model for network intrusion detection (DLNID), which combines an attention mechanism and the bidirectional long short-term memory (Bi-LSTM) network, first extracting sequence features of data traffic through a convolutional neural network (CNN) network, then reassigning the weights of each channel through the attention mechanism, and finally using Bi-LSTM to learn the network of sequence features. In intrusion detection public data sets, there are serious imbalance data generally. To address data imbalance issues, this paper employs the method of adaptive synthetic sampling (ADASYN) for sample expansion of minority class samples, to eventually form a relatively symmetric dataset, and uses a modified stacked autoencoder for data dimensionality reduction with the objective of enhancing information fusion. DLNID is an end-to-end model, so it does not need to undergo the process of manual feature extraction. After being tested on the public benchmark dataset on network intrusion detection NSL-KDD, experimental results show that the accuracy and F1 score of this model are better than those of other comparison methods, reaching 90.73% and 89.65%, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied