Network Intrusion Detection Methods Based on Deep Learning

2020, Vol 14. Author(s): Xiangwen Li, Shuang Zhang

To detect network attacks more effectively, this study uses honeypot techniques to collect the latest network attack data and proposes network intrusion detection classification models based on deep learning combined with DNN and LSTM models. Experiments showed that the data set training models gave better results than the KDD CUP 99 training model’s detection rate and false positive rate. The DNN-LSTM intrusion detection algorithm proposed in this study gives better results than the KDD CUP 99 training model. Compared to other algorithms such as LeNet, the DNN-LSTM intrusion detection algorithm exhibits shorter classification test time along with better accuracy and recall rate of intrusion detection.

2019, Vol 11 (3), pp. 65-89. Author(s): Vinayakumar R, Soman KP, Prabaharan Poornachandran

Recently, due to the advance and impressive results of deep learning techniques in the fields of image recognition, natural language processing and speech recognition for various long-standing artificial intelligence (AI) tasks, there has been a great interest in applying them to security tasks too. This article focuses on applying these deep taxonomy techniques to network intrusion detection systems (N-IDS) with the aim to enhance the performance in classifying the network connections as either good or bad. To substantiate this to NIDS, this article models network traffic as time series data, specifically transmission control protocol / internet protocol (TCP/IP) packets in a predefined time-window with supervised deep learning methods such as recurrent neural network (RNN), identity matrix of initialized values typically termed as identity recurrent neural network (IRNN), long short-term memory (LSTM), clock-work RNN (CWRNN) and gated recurrent unit (GRU), utilizing connection records of the KDDCup-99 challenge data set. The main interest is given to evaluating the performance of RNN over newly introduced methods such as LSTM and IRNN to alleviate the vanishing and exploding gradient problem in memorizing the long-term dependencies. The efficient network architecture for all deep models is chosen based on comparing the performance of various network topologies and network parameters. The experiments of such chosen efficient configurations of deep models were run up to 1,000 epochs by varying learning-rates between 0.01-05. The observed results of IRNN are relatively close to the performance of LSTM on the KDDCup-99 NIDS data set. In addition to KDDCup-99, the effectiveness of deep model architectures is evaluated on a refined version of KDDCup-99, NSL-KDD, and the most recent one, the UNSW-NB15 NIDS dataset.


2021, Vol 1966 (1), pp. 012051. Author(s): Shuai Zou, Fangwei Zhong, Bing Han, Hao Sun, Tao Qian, ...

Author(s): Xiangbing Zhao, Jianhui Zhou

With the advent of the computer network era, people like to think in deeper ways and methods. In addition, the power information network is facing the problem of information leakage. The research of power information network intrusion detection is helpful to prevent the intrusion and attack of bad factors, ensure the safety of information, and protect state secrets and personal privacy. In this paper, through the NRIDS model and network data analysis method, based on deep learning and cloud computing, the demand analysis of the real-time intrusion detection system for the power information network is carried out. The advantages and disadvantages of this kind of message capture mechanism are compared, and then a high-speed article capture mechanism is designed based on the DPDK research. Since cloud computing and power information networks are the most commonly used tools and ways for us to obtain information in our daily lives, our lives will be difficult to carry out without cloud computing and power information networks, so we must do a good job to ensure the security of network information network intrusion detection and defense measures.


Computers, 2021, Vol 10 (6), pp. 79. Author(s): Henry Clausen, Gudmund Grov, David Aspinall

Anomaly-based intrusion detection methods aim to combat the increasing rate of zero-day attacks; however, their success is currently restricted to the detection of high-volume attacks using aggregated traffic features. Recent evaluations show that the current anomaly-based network intrusion detection methods fail to reliably detect remote access attacks. These are smaller in volume and often only stand out when compared to their surroundings. Currently, anomaly methods try to detect access attack events mainly as point anomalies and neglect the context they appear in. We present and examine a contextual bidirectional anomaly model (CBAM) based on deep LSTM-networks that is specifically designed to detect such attacks as contextual network anomalies. The model efficiently learns short-term sequential patterns in network flows as conditional event probabilities. Access attacks frequently break these patterns when exploiting vulnerabilities, and can thus be detected as contextual anomalies. We evaluated CBAM on an assembly of three datasets that provide both representative network access attacks, real-life traffic over a long timespan, and traffic from a real-world red-team attack. We contend that this assembly is closer to a potential deployment environment than current NIDS benchmark datasets. We show that, by building a deep model, we are able to reduce the false positive rate to 0.16% while effectively detecting six out of seven access attacks, which is significantly lower than the operational range of other methods. We further demonstrate that short-term flow structures remain stable over long periods of time, making the CBAM robust against concept drift.

