Evaluating effectiveness of shallow and deep networks to intrusion detection system

A network intrusion detection system (NIDS) is a tool used to detect and classify network breaches dynamically in information and communication technologies (ICT) systems in both academia and industry. Adopting new and existing machine learning classifiers for NIDS has been a significant area of security research, because improving detection rate and accuracy is important for large volumes of security audit data that include diverse and dynamic attack characteristics. This paper evaluates the effectiveness of various shallow and deep networks for NIDS. The shallow and deep networks are trained and evaluated on the KDDCup ‘99’ and NSL-KDD data sets in both binary and multi-class classification settings. The deep networks performed well in comparison to the shallow networks in most of the experiment configurations. The main reason for this might be that a deep network passes information through several layers to learn the underlying hidden patterns of normal and attack network connection records and finally aggregates the learned features of each layer to effectively distinguish normal connection records from the various attacks. Additionally, deep networks performed well in detecting and classifying not only known attacks but also unknown attacks. To achieve an acceptable detection rate, we used various configurations of network settings and parameters in the deep networks. All configurations of the deep networks are run for up to 1000 epochs in training with a learning rate in the range [0.01-0.5] to effectively capture the time-varying patterns of normal connections and various attacks.
