Network Traffic Anomaly Detection Based on Information Gain and Deep Learning

With the rapid development of the Internet, network traffic is growing explosively. Although the Internet facilitates people's lives, it also brings many security threats. The analysis of abnormal network traffic behavior has therefore become crucial for ensuring the quality of Internet services and preventing network intrusion. This paper proposes a deep learning method that combines CNN and LSTM to detect abnormal network traffic, especially unknown intrusions. In machine learning, the choice of features is key to the effectiveness and accuracy of the model. Therefore, this paper also proposes a feature selection method based on Information Gain (IG) that extracts the more valuable features, which are then fed into the model. We use CNN to extract the higher-dimensional features of the input data, and then use LSTM to learn the timing characteristics of the network traffic. We applied our model to the KDD99 dataset and assessed its accuracy. When the number of epochs is greater than 4, the training accuracy reaches 0.99 and the testing accuracy reaches 0.925, which shows a certain improvement compared with the traditional model. As information volume becomes more and more dense, the analysis of network traffic will become more and more necessary, which also demonstrates broader application prospects.
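The Information Gain feature ranking described in the abstract can be illustrated as follows. This is an added example, not the paper's code: the sample records are constructed (using KDD99 field names), and the equal-width binning of numeric fields and the bin count are assumptions, since the abstract does not specify them.

```python
import math
from collections import Counter, defaultdict

def entropy(labels):
    """Shannon entropy H(Y), in bits, of a list of class labels."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def information_gain(values, labels):
    """IG(Y; X) = H(Y) - sum_v P(X=v) * H(Y | X=v) for a discrete feature X."""
    groups = defaultdict(list)
    for v, y in zip(values, labels):
        groups[v].append(y)
    n = len(labels)
    return entropy(labels) - sum(len(g) / n * entropy(g) for g in groups.values())

def equal_width_bins(values, bins=4):
    """Discretise a numeric column (assumption: 4 equal-width bins)."""
    lo, hi = min(values), max(values)
    if hi == lo:                      # constant column: one bin, IG will be 0
        return [0] * len(values)
    width = (hi - lo) / bins
    return [min(int((v - lo) / width), bins - 1) for v in values]

def rank_features(rows, names, numeric=()):
    """Return (feature, IG) pairs sorted by descending information gain."""
    labels = [r[-1] for r in rows]    # last column holds the class label
    scores = {}
    for i, name in enumerate(names):
        col = [r[i] for r in rows]
        if name in numeric:
            col = equal_width_bins(col)
        scores[name] = information_gain(col, labels)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

# Constructed sample records; columns follow KDD99 field names, label last.
NAMES = ["protocol_type", "flag", "count", "land"]
ROWS = [
    ("tcp", "SF", 2, 0, "normal"),    ("tcp", "SF", 5, 0, "normal"),
    ("udp", "SF", 1, 0, "normal"),    ("udp", "SF", 3, 0, "normal"),
    ("tcp", "S0", 210, 0, "neptune"), ("tcp", "S0", 255, 0, "neptune"),
    ("tcp", "S0", 198, 0, "neptune"), ("tcp", "S0", 240, 0, "neptune"),
]

if __name__ == "__main__":
    for name, ig in rank_features(ROWS, NAMES, numeric={"count"}):
        print(f"{name:14s} IG = {ig:.4f} bits")
```

Features with gain near zero (here `land`, which is constant) carry no information about the label and are the ones a selection step would drop before the data reaches the model.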
