CNN-Based Network Intrusion Detection against Denial-of-Service Attacks

As cyberattacks become more intelligent, it is challenging to detect advanced attacks in a variety of fields including industry, national defense, and healthcare. Traditional intrusion detection systems are no longer enough to detect these advanced attacks with unexpected patterns. Attackers bypass known signatures and pretend to be normal users. Deep learning is an alternative for solving these issues. Deep learning (DL)-based intrusion detection does not require a large set of attack signatures or a list of normal behaviors to generate detection rules. DL defines intrusion features by itself by training on empirical data. We develop a DL-based intrusion detection model focusing especially on denial-of-service (DoS) attacks. For the intrusion dataset, we use the KDD CUP 1999 dataset (KDD), the most widely used dataset for the evaluation of intrusion detection systems (IDS). KDD consists of four attack categories: DoS, user to root (U2R), remote to local (R2L), and probing. Numerous KDD studies have employed machine learning to classify the dataset into the four categories or into two categories, attack and benign. Rather than focusing on the broad categories, we focus on the various attacks belonging to the same category. Unlike the other categories of KDD, the DoS category has enough samples for training each attack. In addition to KDD, we use CSE-CIC-IDS2018, which is the most up-to-date IDS dataset. CSE-CIC-IDS2018 consists of more advanced DoS attacks than those of KDD. In this work, we focus on the DoS category of both datasets and develop a DL model for DoS detection. We develop our model based on a Convolutional Neural Network (CNN) and evaluate its performance through comparison with a Recurrent Neural Network (RNN). Furthermore, we suggest the optimal CNN design for better performance through numerous experiments.
