KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

Enhanced Network Intrusion Detection using Deep Convolutional Neural Networks

  • Naseer, Sheraz (Department of Computer Science & Engineering, University of Engineering and Technology) ;
  • Saleem, Yasir (Department of Computer Science & Engineering, University of Engineering and Technology)
  • Received : 2017.09.21
  • Accepted : 2018.05.13
  • Published : 2018.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

Network Intrusion detection is a rapidly growing field of information security due to its importance for modern IT infrastructure. Many supervised and unsupervised learning techniques have been devised by researchers from discipline of machine learning and data mining to achieve reliable detection of anomalies. In this paper, a deep convolutional neural network (DCNN) based intrusion detection system (IDS) is proposed, implemented and analyzed. Deep CNN core of proposed IDS is fine-tuned using Randomized search over configuration space. Proposed system is trained and tested on NSLKDD training and testing datasets using GPU. Performance comparisons of proposed DCNN model are provided with other classifiers using well-known metrics including Receiver operating characteristics (RoC) curve, Area under RoC curve (AuC), accuracy, precision-recall curve and mean average precision (mAP). The experimental results of proposed DCNN based IDS shows promising results for real world application in anomaly detection systems.

Keywords

References

  1. D. E. Denning, "An intrusion-detection model," IEEE Trans. Softw. Eng., no. 2, pp. 222-232, 1987.
  2. M. Luo, L. Wang, H. Zhang, and J. Chen, "A Research on Intrusion Detection Based on Unsupervised Clustering and Support Vector Machine," in Proc. of Information and Communications Security: 5th International Conference, ICICS 2003, Huhehaote, China, October 10-13, 2003. Proceedings, S. Qing, D. Gollmann, and J. Zhou, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, pp. 325-336, 2003.
  3. X. Zhu and A. B. Goldberg, "Introduction to Semi-Supervised Learning," Synth. Lect. Artif. Intell. Mach. Learn., vol. 3, no. 1, pp. 1-130, Jan. 2009.
  4. I. Goodfellow, Y. Bengio, and A. Courville, Deep Learning. MIT Press, 2016.
  5. M. Minsky and S. Papert, "Perceptrons.," 1969.
  6. A. Krizhevsky, I. Sutskever, and G. E. Hinton, "Imagenet classification with deep convolutional neural networks," Advances in neural information processing systems, pp. 1097-1105, 2012.
  7. O. Russakovsky et al., "ImageNet Large Scale Visual Recognition Challenge," Int. J. Comput. Vis. IJCV, vol. 115, no. 3, pp. 211-252, 2015. https://doi.org/10.1007/s11263-015-0816-y
  8. M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, "A Detailed Analysis of the KDD CUP 99 Data Set," in Proc. of the Second IEEE International Conference on Computational Intelligence for Security and Defense Applications, Piscataway, NJ, USA, pp. 53-58, 2009.
  9. S. D. Bay, D. F. Kibler, M. J. Pazzani, and P. Smyth, "The UCI KDD Archive of Large Data Sets for Data Mining Research and Experimentation," SIGKDD Explor., vol. 2, p. 81, 2000. https://doi.org/10.1145/380995.381030
  10. G.-B. Huang, Q.-Y. Zhu, and C.-K. Siew, "Extreme learning machine: Theory and applications," Neurocomputing, vol. 70, no. 1-3, pp. 489-501, Dec. 2006. https://doi.org/10.1016/j.neucom.2005.12.126
  11. Y. Liao and V. R. Vemuri, "Use of K-Nearest Neighbor classifier for intrusion detection," Comput. Secur., vol. 21, no. 5, pp. 439-448, Oct. 2002. https://doi.org/10.1016/S0167-4048(02)00514-X
  12. S. Mukkamala, G. Janoski, and A. Sung, "Intrusion detection using neural networks and support vector machines,", pp. 1702-1707, 2002.
  13. W. L. Al-Yaseen, Z. A. Othman, and M. Z. A. Nazri, "Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system," Expert Syst. Appl., vol. 67, pp. 296-303, Jan. 2017. https://doi.org/10.1016/j.eswa.2016.09.041
  14. D. K. Bhattacharyya and J. K. Kalita, Network anomaly detection: A machine learning perspective. CRC Press, 2013.
  15. A. A. Ghorbani, W. Lu, and M. Tavallaee, "Network Intrusion Detection and Prevention," Boston, MA: Springer US, vol. 47., 2010.
  16. M. Tavallaee, "An adaptive hybrid intrusion detection system," University of New Brunswick, 2011.
  17. A. Solanas and A. Martinez-Balleste, "Advances in artificial intelligence for privacy protection and security," Hackensack, N.J.: World Scientific, ISBN: 978-981-4472-03-6, 2010.
  18. P. Laskov, P. Düssel, C. Schafer, and K. Rieck, "Learning Intrusion Detection: Supervised or Unsupervised?," in Proc. of Image Analysis and Processing - ICIAP 2005: 13th International Conference, Cagliari, Italy, September 6-8, 2005. Proceedings, F. Roli and S. Vitulano, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, pp. 50-57, 2005.
  19. O. E. David and N. S. Netanyahu, "Deepsign: Deep learning for automatic malware signature generation and classification," in Proc. of 2015 International Joint Conference on Neural Networks (IJCNN), pp. 1-8, 2015.
  20. N. Gao, L. Gao, Q. Gao, and H. Wang, "An Intrusion Detection Model Based on Deep Belief Networks," pp. 247-252, 2014.
  21. Z. Wang, "The Applications of Deep Learning on Traffic Identification," blackhat 2015, 2015.
  22. R. A. R. Ashfaq, X.-Z. Wang, J. Z. Huang, H. Abbas, and Y.-L. He, "Fuzziness based semi-supervised learning approach for intrusion detection system," Inf. Sci., vol. 378, pp. 484-497, Feb. 2017. https://doi.org/10.1016/j.ins.2016.04.019
  23. J. Kim, N. Shin, S. Y. Jo, and S. H. Kim, "Method of intrusion detection using deep neural network," in Proc. of Big Data and Smart Computing (BigComp), 2017 IEEE International Conference on, pp. 313-316, 2017.
  24. K. Alrawashdeh and C. Purdy, "Toward an Online Anomaly Intrusion Detection System Based on Deep Learning," in Proc. of Machine Learning and Applications (ICMLA), 2016 15th IEEE International Conference on, pp. 195-200, 2016.
  25. M. Yousefi-Azar, V. Varadharajan, L. Hamey, and U. Tupakula, "Autoencoder-based feature learning for cyber security applications," in Proc. of Neural Networks (IJCNN), 2017 International Joint Conference on, pp. 3854-3861, 2017.
  26. O. Zhang, "Strategies to encode categorical variables with many categories," Feb-2017.
  27. K. Weinberger, A. Dasgupta, J. Langford, A. Smola, and J. Attenberg, "Feature hashing for large scale multitask learning," in Proc. of Proceedings of the 26th Annual International Conference on Machine Learning, pp. 1113-1120, 2009.
  28. Statistical Consulting Group, "Contrast Coding Systems for categorical variables," Feb-2011. [Online].
  29. W. Mcginnis, "Beyond One-Hot: an exploration of categorical variables," Jul-2017.
  30. W. Mcginnis, "BaseN Encoding and Grid Search in categorical variables," Jul-2017.
  31. Y. LeCun, L. Bottou, Y. Bengio, and P. Haffner, "Gradient-based learning applied to document recognition," IEEE, vol. 86, no. 11, pp. 2278-2324, 1998. https://doi.org/10.1109/5.726791
  32. N. Srivastava, G. Hinton, A. Krizhevsky, I. Sutskever, and R. Salakhutdinov, "Dropout: A Simple Way to Prevent Neural Networks from Overfitting," J. Mach. Learn. Res., vol. 15, pp. 1929-1958, 2014.
  33. J. Bergstra and Y. Bengio, "Random search for hyper-parameter optimization," JMLR, p. 305, 2012.
  34. Theano Development Team, "Theano: A Python framework for fast computation of mathematical expressions," ArXiv E-Prints, vol. abs/1605.02688, May 2016.
  35. J. Nickolls, I. Buck, M. Garland, and K. Skadron, "Scalable Parallel Programming with CUDA," Queue, vol. 6, no. 2, pp. 40-53, Mar. 2008. https://doi.org/10.1145/1365490.1365500
  36. K. He, X. Zhang, S. Ren, and J. Sun, "Delving deep into rectifiers: Surpassing human-level performance on imagenet classification," in Proc. of Proceedings of the IEEE international conference on computer vision, pp. 1026-1034, 2015.
  37. X. Glorot and Y. Bengio, "Understanding the difficulty of training deep feedforward neural networks," in Proc. of Proceedings of the Thirteenth International Conference on Artificial Intelligence and Statistics, pp. 249-256, 2010.
  38. M. D. Zeiler, "ADADELTA: An Adaptive Learning Rate Method," CoRR, vol. abs/1212.5701, 2012.
  39. F. Pedregosa et al., "Scikit-learn: Machine Learning in Python," J. Mach. Learn. Res., vol. 12, pp. 2825-2830, 2011.
  40. F. Fernandez-Navarro, C. Hervas-Martinez, J. Sanchez-Monedero, and P. A. Gutierrez, "MELM-GRBF: A modified version of the extreme learning machine for generalized radial basis function neural networks," Neurocomputing, vol. 74, pp. 2502-2510, 2011. https://doi.org/10.1016/j.neucom.2010.11.032
  41. R. C. Aygun and A. G. Yavuz, "Network Anomaly Detection with Stochastically Improved Autoencoder Based Models," in Proc. of Proceedings of the International Conference on Cyber Security and Cloud Computing, pp. 193-198, 2017.

Cited by

  1. Building an Effective Intrusion Detection System Using the Modified Density Peak Clustering Algorithm and Deep Belief Networks vol.9, pp.2, 2018, https://doi.org/10.3390/app9020238
  2. Sign Language Translation Using Deep Convolutional Neural Networks vol.14, pp.2, 2018, https://doi.org/10.3837/tiis.2020.02.009
  3. Learning Representations of Network Traffic Using Deep Neural Networks for Network Anomaly Detection: A Perspective towards Oil and Gas IT Infrastructures vol.12, pp.11, 2018, https://doi.org/10.3390/sym12111882
  4. iAmideV-Deep: Valine Amidation Site Prediction in Proteins Using Deep Learning and Pseudo Amino Acid Compositions vol.13, pp.4, 2018, https://doi.org/10.3390/sym13040560