Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study

Abstract: In this paper, we present a survey of deep learning approaches for cyber security intrusion detection, the datasets used, and a comparative study. Specifically, we provide a review of intrusion detection systems based on deep learning approaches. Because the dataset plays an important role in intrusion detection, we describe 35 well-known cyber datasets and classify them into seven categories: network traffic-based, electrical network-based, internet traffic-based, virtual private network-based, Android apps-based, IoT traffic-based, and internet-connected devices-based datasets. We analyze seven deep learning models: recurrent neural networks, deep neural networks, restricted Boltzmann machines, deep belief networks, convolutional neural networks, deep Boltzmann machines, and deep autoencoders. For each model, we study the performance in two categories of classification (binary and multiclass) on two new real traffic datasets, namely the CSE-CIC-IDS2018 dataset and the Bot-IoT dataset. In addition, we use the most important performance indicators, namely accuracy, false alarm rate, and detection rate, to evaluate the efficiency of several methods.
