A Comparative Analysis of Deep Learning Approaches for Network Intrusion Detection Systems (N-IDSs)

2019 ◽  
Vol 11 (3) ◽  
pp. 65-89 ◽  
Author(s):  
Vinayakumar R ◽  
Soman KP ◽  
Prabaharan Poornachandran
Keyword(s):  
Neural Network ◽  
Deep Learning ◽  
Intrusion Detection ◽  
Recurrent Neural Network ◽  
Network Architecture ◽  
Series Data ◽  
Network Intrusion Detection ◽  
Data Set ◽  
Deep Model ◽  
Network Intrusion

Recently, due to the advance and impressive results of deep learning techniques in the fields of image recognition, natural language processing and speech recognition for various long-standing artificial intelligence (AI) tasks, there has been a great interest in applying towards security tasks too. This article focuses on applying these deep taxonomy techniques to network intrusion detection system (N-IDS) with the aim to enhance the performance in classifying the network connections as either good or bad. To substantiate this to NIDS, this article models network traffic as a time series data, specifically transmission control protocol / internet protocol (TCP/IP) packets in a predefined time-window with a supervised deep learning methods such as recurrent neural network (RNN), identity matrix of initialized values typically termed as identity recurrent neural network (IRNN), long short-term memory (LSTM), clock-work RNN (CWRNN) and gated recurrent unit (GRU), utilizing connection records of KDDCup-99 challenge data set. The main interest is given to evaluate the performance of RNN over newly introduced method such as LSTM and IRNN to alleviate the vanishing and exploding gradient problem in memorizing the long-term dependencies. The efficient network architecture for all deep models is chosen based on comparing the performance of various network topologies and network parameters. The experiments of such chosen efficient configurations of deep models were run up to 1,000 epochs by varying learning-rates between 0.01-05. The observed results of IRNN are relatively close to the performance of LSTM on KDDCup-99 NIDS data set. In addition to KDDCup-99, the effectiveness of deep model architectures are evaluated on refined version of KDDCup-99: NSL-KDD and most recent one, UNSW-NB15 NIDS datasets.

scholarly journals HCRNNIDS: Hybrid Convolutional Recurrent Neural Network-Based Network Intrusion Detection System

Processes ◽  
2021 ◽  
Vol 9 (5) ◽  
pp. 834
Author(s):  
Muhammad Ashfaq Khan
Keyword(s):  
Neural Network ◽  
Intrusion Detection ◽  
Recurrent Neural Network ◽  
Intrusion Detection System ◽  
Detection System ◽  
Attack Detection ◽  
Network Intrusion Detection ◽  
Complex Nature ◽  
Network Intrusion ◽  
Network Intrusion Detection System

Nowadays, network attacks are the most crucial problem of modern society. All networks, from small to large, are vulnerable to network threats. An intrusion detection (ID) system is critical for mitigating and identifying malicious threats in networks. Currently, deep learning (DL) and machine learning (ML) are being applied in different domains, especially information security, for developing effective ID systems. These ID systems are capable of detecting malicious threats automatically and on time. However, malicious threats are occurring and changing continuously, so the network requires a very advanced security solution. Thus, creating an effective and smart ID system is a massive research problem. Various ID datasets are publicly available for ID research. Due to the complex nature of malicious attacks with a constantly changing attack detection mechanism, publicly existing ID datasets must be modified systematically on a regular basis. So, in this paper, a convolutional recurrent neural network (CRNN) is used to create a DL-based hybrid ID framework that predicts and classifies malicious cyberattacks in the network. In the HCRNNIDS, the convolutional neural network (CNN) performs convolution to capture local features, and the recurrent neural network (RNN) captures temporal features to improve the ID system’s performance and prediction. To assess the efficacy of the hybrid convolutional recurrent neural network intrusion detection system (HCRNNIDS), experiments were done on publicly available ID data, specifically the modern and realistic CSE-CIC-DS2018 data. The simulation outcomes prove that the proposed HCRNNIDS substantially outperforms current ID methodologies, attaining a high malicious attack detection rate accuracy of up to 97.75% for CSE-CIC-IDS2018 data with 10-fold cross-validation.

scholarly journals CNN-Based Network Intrusion Detection against Denial-of-Service Attacks

Electronics ◽  
2020 ◽  
Vol 9 (6) ◽  
pp. 916 ◽  
Author(s):  
Jiyeon Kim ◽  
Jiwon Kim ◽  
Hyunjung Kim ◽  
Minsun Shim ◽  
Eunjung Choi
Keyword(s):  
Neural Network ◽  
Deep Learning ◽  
Intrusion Detection ◽  
Denial Of Service ◽  
Intrusion Detection Systems ◽  
Network Intrusion Detection ◽  
National Defense ◽  
Dos Attacks ◽  
Detection Systems ◽  
Network Intrusion

As cyberattacks become more intelligent, it is challenging to detect advanced attacks in a variety of fields including industry, national defense, and healthcare. Traditional intrusion detection systems are no longer enough to detect these advanced attacks with unexpected patterns. Attackers bypass known signatures and pretend to be normal users. Deep learning is an alternative to solving these issues. Deep Learning (DL)-based intrusion detection does not require a lot of attack signatures or the list of normal behaviors to generate detection rules. DL defines intrusion features by itself through training empirical data. We develop a DL-based intrusion model especially focusing on denial of service (DoS) attacks. For the intrusion dataset, we use KDD CUP 1999 dataset (KDD), the most widely used dataset for the evaluation of intrusion detection systems (IDS). KDD consists of four types of attack categories, such as DoS, user to root (U2R), remote to local (R2L), and probing. Numerous KDD studies have been employing machine learning and classifying the dataset into the four categories or into two categories such as attack and benign. Rather than focusing on the broad categories, we focus on various attacks belonging to same category. Unlike other categories of KDD, the DoS category has enough samples for training each attack. In addition to KDD, we use CSE-CIC-IDS2018 which is the most up-to-date IDS dataset. CSE-CIC-IDS2018 consists of more advanced DoS attacks than that of KDD. In this work, we focus on the DoS category of both datasets and develop a DL model for DoS detection. We develop our model based on a Convolutional Neural Network (CNN) and evaluate its performance through comparison with an Recurrent Neural Network (RNN). Furthermore, we suggest the optimal CNN design for the better performance through numerous experiments.

Network Intrusion Detection Methods Based on Deep Learning

2020 ◽  
Vol 14 ◽  
Author(s):  
Xiangwen Li ◽  
Shuang Zhang
Keyword(s):  
Deep Learning ◽  
Intrusion Detection ◽  
False Positive Rate ◽  
Detection Algorithm ◽  
Detection Methods ◽  
Network Intrusion Detection ◽  
Test Time ◽  
Data Set ◽  
Network Intrusion ◽  
Kdd Cup 99

: To detect network attacks more effectively, this study uses Honeypot techniques to collect the latest network attack data and proposes network intrusion detection classification models based on deep learning combined with DNN and LSTM models. Experiments showed that the data set training models gave better results than the KDD CUP 99 training model’s detection rate and false positive rate. The DNN-LSTM intrusion detection algorithm proposed in this study gives better results than KDD CUP 99 training model. Compared to other algorithms such as LeNet, DNN-LSTM intrusion detection algorithm exhibits shorter classification test time along with better accuracy and recall rate of intrusion detection.

scholarly journals Improved RBF Network Intrusion Detection Model Based on Edge Computing with Multi-algorithm Fusion

2021 ◽  
Vol 16 (4) ◽  
Author(s):  
Xuejun Liu ◽  
Kaili Li ◽  
Wenhui Wang ◽  
Yong Yan ◽  
Yun Sha ◽  
...  
Keyword(s):  
Neural Network ◽  
Intrusion Detection ◽  
Rbf Neural Network ◽  
Convergence Speed ◽  
Edge Computing ◽  
Network Intrusion Detection ◽  
Data Set ◽  
Rbf Network ◽  
Detection Model ◽  
Network Intrusion

Edge computing is difficult to deploy a complete and reliable security strategy due to its distributed computing architecture and inherent heterogeneity of equipment and limited resources. When malicious attacks occur, the loss will be immeasurable. RBF neural network has strong nonlinear representation ability and fast learning convergence speed, which is suitable for intrusion detection of edge detection industrial control network. In this paper, an improved RBF network intrusion detection model based on multi-algorithm fusion is proposed. kernel principal component analysis (KPCA) is used to extract data dimension and simplify data representation. Then subtractive clustering algorithm(SCM) and grey wolf algorithm(GWO) are used to jointly optimize RBF neural network parameters to avoid falling into local optimum, reduce the calculation of model training and improve the detection accuracy. The algorithm can better adapt to the edge computing platform with weak computing ability and bearing capacity, and realize real-time data analysis.The experimental results of BATADAL data set and Gas data set show that the accuracy of the algorithm is over 99% and the training time of larger samples is shortened by 50 times for BATADAL data set. The results show that the improved RBF network is effective in improving the convergence speed and accuracy in intrusion detection.

scholarly journals Network intrusion detection method based on deep learning

2021 ◽  
Vol 1966 (1) ◽  
pp. 012051
Author(s):  
Shuai Zou ◽  
Fangwei Zhong ◽  
Bing Han ◽  
Hao Sun ◽  
Tao Qian ◽  
...  
Keyword(s):  
Deep Learning ◽  
Intrusion Detection ◽  
Detection Method ◽  
Network Intrusion Detection ◽  
Network Intrusion

Power information network intrusion detection based on deep learning and cloud computing

2021 ◽  
pp. 1-9
Author(s):  
Xiangbing Zhao ◽  
Jianhui Zhou
Keyword(s):  
Cloud Computing ◽  
Deep Learning ◽  
Intrusion Detection ◽  
High Speed ◽  
Information Networks ◽  
Network Intrusion Detection ◽  
Information Network ◽  
Advantages And Disadvantages ◽  
Network Intrusion ◽  
Capture Mechanism

With the advent of the computer network era, people like to think in deeper ways and methods. In addition, the power information network is facing the problem of information leakage. The research of power information network intrusion detection is helpful to prevent the intrusion and attack of bad factors, ensure the safety of information, and protect state secrets and personal privacy. In this paper, through the NRIDS model and network data analysis method, based on deep learning and cloud computing, the demand analysis of the real-time intrusion detection system for the power information network is carried out. The advantages and disadvantages of this kind of message capture mechanism are compared, and then a high-speed article capture mechanism is designed based on the DPDK research. Since cloud computing and power information networks are the most commonly used tools and ways for us to obtain information in our daily lives, our lives will be difficult to carry out without cloud computing and power information networks, so we must do a good job to ensure the security of network information network intrusion detection and defense measures.

Sign in / Sign up

Export Citation Format

Share Document