Lightweight Convolutional Neural Network Based Intrusion Detection System

Identifying threats contained within encrypted network traffic poses a great challenge to Intrusion Detection Systems (IDS). Because traditional approaches like deep packet inspection could not operate on encrypted network traffic, machine learning-based IDS is a promising solution. However, machine learning-based IDS requires enormous amounts of statistical data based on network traffic flow as input data and also demands high computing power for processing, but is slow in detecting intrusions. We propose a lightweight IDS that transforms raw network traffic into representation images. We begin by inspecting the characteristics of malicious network traffic of the CSE-CIC-IDS2018 dataset. We then adapt methods for effectively representing those characteristics into image data. A Convolutional Neural Network (CNN) based detection model is used to identify malicious traffic underlying within image data. To demonstrate the feasibility of the proposed lightweight IDS, we conduct three simulations on two datasets that contain encrypted traffic with current network attack scenarios. The experiment results show that our proposed IDS is capable of achieving 95% accuracy with a reasonable detection time while requiring relatively small size training data.

Download Full-text

CNID: Research of Network Intrusion Detection Based on Convolutional Neural Network

Discrete Dynamics in Nature and Society ◽

10.1155/2020/4705982 ◽

2020 ◽

Vol 2020 ◽

pp. 1-11

Author(s):

Guojie Liu ◽

Jianbiao Zhang

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Convolutional Neural Network ◽

Detection System ◽

False Positive Rate ◽

Network Intrusion Detection ◽

Test Results ◽

Softmax Classifier ◽

Detection Model ◽

Network Intrusion

Network intrusion detection system can effectively detect network attack behaviour, which is very important to network security. In this paper, a multiclassification network intrusion detection model based on convolutional neural network is proposed, and the algorithm is optimized. First, the data is preprocessed, the original one-dimensional network intrusion data is converted into two-dimensional data, and then the effective features are learned using optimized convolutional neural networks, and, finally, the final test results are produced in conjunction with the Softmax classifier. In this paper, KDD-CUP 99 and NSL-KDD standard network intrusion detection dataset were used to carry out the multiclassification network intrusion detection experiment; the experimental results show that the multiclassification network intrusion detection model proposed in this paper improves the accuracy and check rate, reduces the false positive rate, and also obtains better test results for the detection of unknown attacks.

Download Full-text

An Intrusion Detection System Based on Convolutional Neural Network for Imbalanced Network Traffic

2019 IEEE 7th International Conference on Computer Science and Network Technology (ICCSNT) ◽

10.1109/iccsnt47585.2019.8962490 ◽

2019 ◽

Cited By ~ 1

Author(s):

Xiaoxuan Zhang ◽

Jing Ran ◽

Jize Mi

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Convolutional Neural Network ◽

Network Traffic ◽

Intrusion Detection System ◽

Detection System

Download Full-text

Study on Intrusion detection model based on improved convolutional neural network

Journal of Physics Conference Series ◽

10.1088/1742-6596/1865/4/042097 ◽

2021 ◽

Vol 1865 (4) ◽

pp. 042097

Author(s):

Kaiyan He

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Convolutional Neural Network ◽

Detection Model ◽

Model Based

Download Full-text

DCNN-IDS : Deep Convolutional Neural Network based Intrusion Detection System

10.36227/techrxiv.12151734.v1 ◽

2020 ◽

Author(s):

Sriram Srinivasan ◽

Shashank A ◽

vinayakumar R ◽

Soman KP

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Convolutional Neural Network ◽

Intrusion Detection System ◽

Input Data ◽

Detection System ◽

Deep Convolutional Neural Network ◽

Traffic Data ◽

Data Set ◽

Research Problems

In the present era, cyberspace is growing tremendously and the intrusion detection system (IDS) plays a key role in it to ensure information security. The IDS, which works in network and host level, should be capable of identifying various malicious attacks. The job of network-based IDS is to differentiate between normal and malicious traffic data and raise an alert in case of an attack. Apart from the traditional signature and anomaly-based approaches, many researchers have employed various deep learning (DL) techniques for detecting intrusion as DL models are capable of extracting salient features automatically from the input data. The application of deep convolutional neural network (DCNN), which is utilized quite often for solving research problems in image processing and vision fields, is not explored much for IDS. In this paper, a DCNN architecture for IDS which is trained on KDDCUP 99 data set is proposed. This work also shows that the DCNN-IDS model performs superior when compared with other existing works.

Download Full-text

IntruDTree: A Machine Learning-Based Cyber Security Intrusion Detection Model

10.20944/preprints202004.0481.v1 ◽

2020 ◽

Author(s):

Iqbal H. Sarker ◽

Yoosef B. Abushark ◽

Fawaz Alsolami ◽

Asif Irshad Khan

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Cyber Security ◽

Intrusion Detection System ◽

Detection System ◽

Machine Learning Techniques ◽

Support Vector ◽

Security Model ◽

K Nearest Neighbor ◽

Detection Model

Cyber security has recently received enormous attention in today’s security concerns, due to the popularity of the Internet-of-Things (IoT), the tremendous growth of computer networks, and the huge number of relevant applications. Thus, detecting various cyber-attacks or anomalies in a network and building an effective intrusion detection system that performs an essential role in today’s security is becoming more important. Artificial intelligence, particularly machine learning techniques, can be used for building such a data-driven intelligent intrusion detection system. In order to achieve this goal, in this paper, we present an Intrusion Detection Tree (“IntruDTree”) machine-learning-based security model that first takes into account the ranking of security features according to their importance and then build a tree-based generalized intrusion detection model based on the selected important features. This model is not only effective in terms of prediction accuracy for unseen test cases but also minimizes the computational complexity of the model by reducing the feature dimensions. Finally, the effectiveness of our IntruDTree model was examined by conducting experiments on cybersecurity datasets and computing the precision, recall, fscore, accuracy, and ROC values to evaluate. We also compare the outcome results of IntruDTree model with several traditional popular machine learning methods such as the naive Bayes classifier, logistic regression, support vector machines, and k-nearest neighbor, to analyze the effectiveness of the resulting security model.

Download Full-text

Adaptive Ensemble Multi-Agent Based Intrusion Detection Model

Developing Advanced Web Services through P2P Computing and Autonomous Agents - Advances in Web Technologies and Engineering ◽

10.4018/978-1-61520-973-6.ch003 ◽

2010 ◽

pp. 36-48 ◽

Cited By ~ 1

Author(s):

Tarek Helmy

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Machine Learning Algorithms ◽

Agent Based ◽

Detection Model ◽

Detection Analysis ◽

Proposed Model ◽

Multi Agent

The system that monitors the events occurring in a computer system or a network and analyzes the events for sign of intrusions is known as intrusion detection system. The performance of the intrusion detection system can be improved by combing anomaly and misuse analysis. This chapter proposes an ensemble multi-agent-based intrusion detection model. The proposed model combines anomaly, misuse, and host-based detection analysis. The agents in the proposed model use rules to check for intrusions, and adopt machine learning algorithms to recognize unknown actions, to update or create new rules automatically. Each agent in the proposed model encapsulates a specific classification technique, and gives its belief about any packet event in the network. These agents collaborate to determine the decision about any event, have the ability to generalize, and to detect novel attacks. Empirical results indicate that the proposed model is efficient, and outperforms other intrusion detection models.

Download Full-text

Convolutional Neural Network

10.4018/978-1-6684-2408-7.ch077 ◽

2022 ◽

pp. 1559-1575

Author(s):

Mário Pereira Véstias

Keyword(s):

Neural Network ◽

Machine Learning ◽

Neural Networks ◽

Artificial Neural Networks ◽

Deep Learning ◽

Convolutional Neural Network ◽

Machine Learning Algorithms ◽

Training Data ◽

Machine Learning Model ◽

Artificial Neural

Machine learning is the study of algorithms and models for computing systems to do tasks based on pattern identification and inference. When it is difficult or infeasible to develop an algorithm to do a particular task, machine learning algorithms can provide an output based on previous training data. A well-known machine learning model is deep learning. The most recent deep learning models are based on artificial neural networks (ANN). There exist several types of artificial neural networks including the feedforward neural network, the Kohonen self-organizing neural network, the recurrent neural network, the convolutional neural network, the modular neural network, among others. This article focuses on convolutional neural networks with a description of the model, the training and inference processes and its applicability. It will also give an overview of the most used CNN models and what to expect from the next generation of CNN models.

Download Full-text

Building-damage detection method based on machine learning utilizing aerial photographs of the Kumamoto earthquake

Earthquake Spectra ◽

10.1177/8755293019901309 ◽

2020 ◽

Vol 36 (3) ◽

pp. 1166-1187 ◽

Cited By ~ 4

Author(s):

Shohei Naito ◽

Hiromitsu Tomozawa ◽

Yuji Mori ◽

Takeshi Nagata ◽

Naokazu Monma ◽

...

Keyword(s):

Neural Network ◽

Machine Learning ◽

Convolutional Neural Network ◽

Training Data ◽

Aerial Photographs ◽

Learning Models ◽

Visual Interpretation ◽

Damage Classification ◽

Kumamoto Earthquake ◽

Machine Learning Models

This article presents a method for detecting damaged buildings in the event of an earthquake using machine learning models and aerial photographs. We initially created training data for machine learning models using aerial photographs captured around the town of Mashiki immediately after the main shock of the 2016 Kumamoto earthquake. All buildings are classified into one of the four damage levels by visual interpretation. Subsequently, two damage discrimination models are developed: a bag-of-visual-words model and a model based on a convolutional neural network. Results are compared and validated in terms of accuracy, revealing that the latter model is preferable. Moreover, for the convolutional neural network model, the target areas are expanded and the recalls of damage classification at the four levels range approximately from 66% to 81%.

Download Full-text

Chained Anomaly Detection Models for Federated Learning: An Intrusion Detection Case Study

Applied Sciences ◽

10.3390/app8122663 ◽

2018 ◽

Vol 8 (12) ◽

pp. 2663 ◽

Cited By ~ 11

Author(s):

Davy Preuveneers ◽

Vera Rimmer ◽

Ilias Tsingenopoulos ◽

Jan Spooren ◽

Wouter Joosen ◽

...

Keyword(s):

Neural Network ◽

Machine Learning ◽

Intrusion Detection ◽

Anomaly Detection ◽

Training Data ◽

Learning Models ◽

Traditional System ◽

Blockchain Technology ◽

Malicious Behavior ◽

Machine Learning Models

The adoption of machine learning and deep learning is on the rise in the cybersecurity domain where these AI methods help strengthen traditional system monitoring and threat detection solutions. However, adversaries too are becoming more effective in concealing malicious behavior amongst large amounts of benign behavior data. To address the increasing time-to-detection of these stealthy attacks, interconnected and federated learning systems can improve the detection of malicious behavior by joining forces and pooling together monitoring data. The major challenge that we address in this work is that in a federated learning setup, an adversary has many more opportunities to poison one of the local machine learning models with malicious training samples, thereby influencing the outcome of the federated learning and evading detection. We present a solution where contributing parties in federated learning can be held accountable and have their model updates audited. We describe a permissioned blockchain-based federated learning method where incremental updates to an anomaly detection machine learning model are chained together on the distributed ledger. By integrating federated learning with blockchain technology, our solution supports the auditing of machine learning models without the necessity to centralize the training data. Experiments with a realistic intrusion detection use case and an autoencoder for anomaly detection illustrate that the increased complexity caused by blockchain technology has a limited performance impact on the federated learning, varying between 5 and 15%, while providing full transparency over the distributed training process of the neural network. Furthermore, our blockchain-based federated learning solution can be generalized and applied to more sophisticated neural network architectures and other use cases.

Download Full-text