A bidirectional LSTM deep learning approach for intrusion detection

Abstract: The rise in computer network and internet attacks has become alarming for most service providers. It has triggered the need to develop and implement intrusion detection systems (IDSs) to help prevent and/or mitigate the challenges posed by network intruders. Over the years, intrusion detection systems have played, and continue to play, a very significant role in spotting network attacks and anomalies. Researchers around the globe have proposed many IDSs to combat the threat of network invaders. However, most of the previously proposed IDSs have high false alarm rates. Additionally, most existing models have difficulty detecting the different attack types, especially User-to-Root (U2R) and Remote-to-Local (R2L) attacks; existing models often show lower detection accuracy for these two attack types. Hence, in this paper, we propose a bidirectional Long Short-Term Memory (BiDLSTM) based intrusion detection system to handle the challenges mentioned above. To train the model and measure its performance, we use the NSL-KDD dataset, a benchmark dataset for most IDSs. Experimental results validate the effectiveness of the BiDLSTM approach. It outperforms conventional LSTM and other state-of-the-art models in terms of accuracy, precision, recall, and F-score values. It also has a much lower false alarm rate than the existing models. Furthermore, the BiDLSTM model achieves a higher detection accuracy for U2R and R2L attacks than the conventional LSTM.
