Benchmarking Deep Learning Methods for Behaviour-Based Network Intrusion Detection-Reference-Cited by-同舟云学术

Benchmarking Deep Learning Methods for Behaviour-Based Network Intrusion Detection

Published:2022-03-20 Issue:1 Volume:9 Page:29
ISSN:2227-9709
Container-title:Informatics
language:en
Short-container-title:Informatics

Author:

Antunes Mário^ORCID,Oliveira Luís^ORCID,Seguro Afonso,Veríssimo João,Salgado Ruben,Murteira Tiago

Abstract

Network security encloses a wide set of technologies dealing with intrusions detection. Despite the massive adoption of signature-based network intrusion detection systems (IDSs), they fail in detecting zero-day attacks and previously unseen vulnerabilities exploits. Behaviour-based network IDSs have been seen as a way to overcome signature-based IDS flaws, namely through the implementation of machine-learning-based methods, to tolerate new forms of normal network behaviour, and to identify yet unknown malicious activities. A wide set of machine learning methods has been applied to implement behaviour-based IDSs with promising results on detecting new forms of intrusions and attacks. Innovative machine learning techniques have emerged, namely deep-learning-based techniques, to process unstructured data, speed up the classification process, and improve the overall performance obtained by behaviour-based network intrusion detection systems. The use of realistic datasets of normal and malicious networking activities is crucial to benchmark machine learning models, as they should represent real-world networking scenarios and be based on realistic computers network activity. This paper aims to evaluate CSE-CIC-IDS2018 dataset and benchmark a set of deep-learning-based methods, namely convolutional neural networks (CNN) and long short-term memory (LSTM). Autoencoder and principal component analysis (PCA) methods were also applied to evaluate features reduction in the original dataset and its implications in the overall detection performance. The results revealed the appropriateness of using the CSE-CIC-IDS2018 dataset to benchmark supervised deep learning models. It was also possible to evaluate the robustness of using CNN and LSTM methods to detect unseen normal activity and variations of previously trained attacks. The results reveal that feature reduction methods decreased the processing time without loss of accuracy in the overall detection performance.

Publisher

MDPI AG

Subject

Computer Networks and Communications,Human-Computer Interaction,Communication

Link

https://www.mdpi.com/2227-9709/9/1/29/pdf

Reference45 articles.

1. KDD 1999 generation faults: a review and analysis

2. Testing Intrusion detection systems

3. A Realistic Cyberdefense Dataset (CSE-CIC-IDS2018)https://registry.opendata.aws/cse-cic-ids2018/

Cited by 11 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Cost-sensitive stacked long short-term memory with an evolutionary framework for minority class detection;Applied Soft Computing;2024-11

2. An enhanced strategy for minority class detection using bidirectional GRU employing penalized cross-entropy and self-attention mechanisms for imbalance network traffic;The European Physical Journal Plus;2024-06-17

3. Intelligent monitoring of malicious intrusion behavior for power communication network channel;Fourth International Conference on Mechanical, Electronics, and Electrical and Automation Control (METMS 2024);2024-06-05

4. An effective deep CNN-LSTM based intrusion detection system for network security;2024 International Conference on Control, Automation and Diagnosis (ICCAD);2024-05-15

5. Team Work Optimizer Based Bidirectional LSTM Model for Designing a Secure Cybersecurity Model;2024 International Conference on Distributed Computing and Optimization Techniques (ICDCOT);2024-03-15