Affiliation:
1. Department of Information and Communication Engineering, Yeungnam University, Gyeongsan 38541, Republic of Korea
Abstract
Most existing network intrusion detection systems (NIDSs) perform intrusion detection using only a partial packet data of fixed size, but they suffer to increase the detection rate. In this study, in order to find the cause of a limited detection rate, accurate intrusion detection performance was analyzed by adjusting the amount of information used as features according to the size of the packet and length of the session. The results indicate that the total packet data and all packets in the session should be used for the maximum detection rate. However, existing NIDS cannot be extended to use all packet data of each session because the model could be too large owing to the excessive number of features, hampering realistic training and classification speeds. Therefore, in this paper, we present a novel approach for the classifier of NIDSs. The proposed NIDS can effectively handle the entire packet information using the hierarchical long short-term memory and achieves higher detection accuracy than existing methods. Performance evaluation confirms that detection performance can be greatly improved compared to existing NIDSs that use only partial packet information. The proposed NIDS achieves a detection rate of 95.16% and 99.70% when the existing NIDS show the highest detection rate of 93.49% and 98.31% based on the F1-score using two datasets. The proposed method can improve the limitations of existing NIDS and safeguard the network from malicious users by utilizing information on the entire packet.
Funder
National Research Foundation of Korea
Subject
Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science
Cited by
9 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献