A novel context-aware feature extraction method for convolutional neural network-based intrusion detection systems

To create a safe and secure cyberspace, many researchers have proposed Intrusion Detection Systems (IDSs). An IDS is designed to address either a single kind of intrusion or multiple variants. In this paper, we propose a new context-aware feature extraction method as a pre-processing step for Convolutional Neural Network (CNN)-based multiclass intrusion detection. Feature selection is also used to reduce the feature space and classification time. For attack-type classification, we use a CNN, which is generally well known for its better classification ability on image recognition tasks. We exploit this ability to develop an IDS that can identify different types of intrusions, ranging from 4 to 12 types. We evaluated the proposed Context-aware Feature Extraction-based CNN IDS on different datasets with multiple classes, where it improved classification accuracy compared to models with no pre-processing steps and to other existing methods. The performance evaluation and comparison used four datasets: NSL-KDD, CICIDS2017, ADFA-LD, and ADFA-WD. These datasets have either host-based or network-based features, which is another area that we investigate in this paper.
