A Multiple-Layer Representation Learning Model for Network-Based Attack Detection

Accurate detection of network-based attacks is crucial to prevent security breaches of information systems. The recent application of deep learning approaches for network intrusion detection has shown promising. However, the challenges remain on how to deal with imbalance data and small samples as well as reducing false alarm rate (FAR). To address these issues, this work has proposed a multiple-layer representation learning model for accurate end-to-end network intrusion detection by combining deep convolutional neural networks (CNN) with gcForest. The contributions of this work lie in 1) a new data encoding scheme based on P-Zigzag to encode network traffic data into two-dimensional gray-scale images for representation learning without loss of original information; 2) The combination of gcForest and CNN allows accurate detection on imbalanced data and small scale data with fewer hyperparamters comparing to most existing deep learning models, which increase computational efficiency. The proposed approach is based on a multiple-layer approach consisting of a coarse layer and a fine layer, in which the coarse layer with the improved CNN model (GoogLeNetNP) focuses on identification of N abnormal classes and a normal class. While in the fine layer, an improved model based on gcForest (caXGBoost) further classifies the abnormal classes into N-1 subclasses. This ensures fine-grained detection of various attacks. The proposed framework has been compared with the existing deep learning models using three real datasets (a new dataset NBC, a combination of UNSW-NB15 and CICIDS2017 consisting of 101 classes). The experimental results show that our proposed method outperforms other single deep learning methods (i.e., AlexNet, VGG19, GoogleNet, InceptionV3, ResNet18) in terms of accuracy, detection rate, and FAR, which demonstrates its effectiveness in detecting fine-grained attacks and handling imbalanced datasets with high-precision and low FAR

A Spectrogram Image-Based Network Anomaly Detection System Using Deep Convolutional Neural Network

The dynamics of computer networks have changed rapidly over the past few years due to a tremendous increase in the volume of the connected devices and the corresponding applications. This growth in the network’s size and our dependence on it for all aspects of our life have therefore resulted in the generation of many attacks on the network by malicious parties that are either novel or the mutations of the older attacks. These attacks pose many challenges for network security personnel to protect the computer and network nodes and corresponding data from possible intrusions. A network intrusion detection system (NIDS) can act as one of the efficient security solutions by constantly monitoring the network traffic to secure the entry points of a network. Despite enormous efforts by researchers, NIDS still suffers from a high false alarm rate (FAR) in detecting novel attacks. In this paper, we propose a novel NIDS framework based on a deep convolution neural network that utilizes network spectrogram images generated using the short-time Fourier transform. To test the efficiency of our proposed solution, we evaluated it using the CIC-IDS2017 dataset. The experimental results have shown about 2.5% - 4% improvement in accurately detecting intrusions compared to other deep learning (DL) algorithms while at the same time reducing the FAR by 4.3%-6.7% considering binary classification scenario. We also observed its efficiency for a 7-class classification scenario by achieving almost 98.75% accuracy with 0.56% - 3.72% improvement compared to other DL methodologies

Network Intrusion Detection System:A systematic study of Machine Learning and Deep Learning approaches

The rapid advances in the internet and communication fields have resulted in ahuge increase in the network size and the corresponding data. As a result, manynovel attacks are being generated and have posed challenges for network secu-rity to accurately detect intrusions. Furthermore, the presence of the intruderswiththeaimtolaunchvariousattackswithinthenetworkcannotbeignored.Anintrusion detection system (IDS) is one such tool that prevents the network frompossible intrusions by inspecting the network traffic, to ensure its confidential-ity, integrity, and availability. Despite enormous efforts by the researchers, IDSstillfaceschallengesinimprovingdetectionaccuracywhilereducingfalsealarmrates and in detecting novel intrusions. Recently, machine learning (ML) anddeep learning (DL)-based IDS systems are being deployed as potential solutionsto detect intrusions across the network in an efficient manner. This article firstclarifiestheconceptofIDSandthenprovidesthetaxonomybasedonthenotableML and DL techniques adopted in designing network-based IDS (NIDS) sys-tems. A comprehensive review of the recent NIDS-based articles is provided bydiscussing the strengths and limitations of the proposed solutions. Then, recenttrends and advancements of ML and DL-based NIDS are provided in terms ofthe proposed methodology, evaluation metrics, and dataset selection. Using theshortcomings of the proposed methods, we highlighted various research chal-lenges and provided the future scope for the research in improving ML andDL-based NIDS