High Performance Network Intrusion Detection System Using Two-Stage LSTM and Incremental Created Hybrid Features-Reference-Cited by-同舟云学术

High Performance Network Intrusion Detection System Using Two-Stage LSTM and Incremental Created Hybrid Features

Published:2023-02-15 Issue:4 Volume:12 Page:956
ISSN:2079-9292
Container-title:Electronics
language:en
Short-container-title:Electronics

Author:

Han Jonghoo¹,Pak Wooguil¹^ORCID

Affiliation:

1. Department of Information and Communication Engineering, Yeungnam University, Gyeongsan 38541, Republic of Korea

Abstract

Currently, most network intrusion detection systems (NIDSs) use information about an entire session to detect intrusion, which has the fatal disadvantage of delaying detection. To solve this problem, studies have been proposed to detect intrusions using only some packets belonging to the session but have limited effectiveness in increasing the detection performance compared to conventional methods. In addition, space complexity is high because all packets used for classification must be stored. Therefore, we propose a novel NIDS that requires low memory storage space and exhibits high detection performance without detection delay. The proposed method does not need to store packets for the current session and uses only some packets, as in conventional methods, but achieves very high detection performance. Through experiments, it was confirmed that the proposed NIDS uses only a small memory of 25.8% on average compared to existing NIDSs by minimizing memory consumption for feature creation, while its intrusion detection performance is equal to or higher than those of existing ones. As a result, this method is expected to significantly help increase network safety by overcoming the disadvantages of machine-learning-based NIDSs using existing sessions and packets.

Funder

National Research Foundation of Korea

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering

Link

https://www.mdpi.com/2079-9292/12/4/956/pdf

Reference26 articles.

1. Kruegel, C., and Toth, T. (2003, January 8–10). Using decision trees to improve signature-based intrusion detection. Proceedings of the 2003 International Workshop on Recent Advances in Intrusion Detection, Pittsburgh, PA, USA.

2. The use of computational intelligence in intrusion detection systems: A review;Wu;Appl. Soft Comput.,2010

3. Ektefa, M., Memar, S., Sidi, F., and Affendey, L.S. (2010, January 16–18). Intrusion detection using data mining techniques. Proceedings of the 2010 Information Retrieval & Knowledge Management (CAMP), Selangor, Malaysia.

4. Bilge, L., and Dumitras, T. (2012, January 16–18). Before we knew it: An empirical study of zero-day attacks in the real world. Proceedings of the 2012 ACM Conference on Computer and Communications Security, Raleigh, NC, USA.

5. HAST-IDS: Learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection;Wang;IEEE Access,2017

Cited by 9 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. AI-Driven Network Security and Privacy;Electronics;2024-06-13

2. Research on Simulation of Camouflage Intrusion Detection Model Based on Improved RF Algorithm;2024 International Conference on Optimization Computing and Wireless Communication (ICOCWC);2024-01-29

3. Research on Intrusion Detection Method Based on Machine Learning Algorithm and Big Data Technology;2023 3rd International Conference on Smart Generation Computing, Communication and Networking (SMART GENCON);2023-12-29

4. Detecting Cyber Threats With a Graph-Based NIDPS;Advances in Logistics, Operations, and Management Science;2023-12-29

5. ELM-KL-LSTM: a robust and general incremental learning method for efficient classification of time series data;PeerJ Computer Science;2023-12-21