A Comparative Analysis of Deep Learning Approaches for Network Intrusion Detection Systems (N-IDSs): Deep Learning for N-IDSs

Recently, due to the advance and impressive results of deep learning techniques in the fields of image recognition, natural language processing and speech recognition for various long-standing artificial intelligence (AI) tasks, there has been great interest in applying them to security tasks too. This article focuses on applying these deep taxonomy techniques to network intrusion detection system (N-IDS) with the aim of enhancing the performance in classifying network connections as either good or bad. To substantiate this for NIDS, this article models network traffic as time series data, specifically transmission control protocol/internet protocol (TCP/IP) packets in a predefined time-window, with supervised deep learning methods such as recurrent neural network (RNN), identity matrix of initialized values typically termed as identity recurrent neural network (IRNN), long short-term memory (LSTM), clock-work RNN (CWRNN) and gated recurrent unit (GRU), utilizing connection records of the KDDCup-99 challenge dataset. The main interest is given to evaluating the performance of RNN over newly introduced methods such as LSTM and IRNN to alleviate the vanishing and exploding gradient problem in memorizing long-term dependencies. The efficient network architecture for all deep models is chosen based on comparing the performance of various network topologies and network parameters. The experiments of such chosen efficient configurations of deep models were run up to 1,000 epochs by varying learning-rates between 0.01-05. The observed results of IRNN are relatively close to the performance of LSTM on the KDDCup-99 NIDS dataset. In addition to KDDCup-99, the effectiveness of deep model architectures is evaluated on a refined version of KDDCup-99: NSL-KDD and the most recent one, UNSW-NB15 NIDS datasets.

Keywords: Clock-Work Recurrent Neural Network, Deep Learning, Gated Recurrent Unit, Identity-Recurrent Neural Network, KDDCup-99, Long Short-Term Memory, NSL-KDD and UNSW-NB15, Recurrent Neural Network

International Journal of Digital Crime and Forensics, Volume 11 • Issue 3 • July-September 2019
