Deep Learning Applications for Intrusion Detection in Network Traffic
https://doi.org/10.15514/ISPRAS-2023-35(4)-3
Abstract
The paper discusses the application of deep learning methods to detecting computer attacks in network traffic. It presents an analysis of relevant studies and reviews of deep learning applications for intrusion detection. The most commonly used deep learning methods are discussed and compared, and a classification system of deep learning methods for intrusion detection is proposed. Current trends and challenges in applying deep learning methods to detecting computer attacks in network traffic are identified. A CNN-BiLSTM neural network is synthesized to assess the applicability of deep learning methods for intrusion detection, and it is compared with the previously developed model based on the Random Forest classifier. Using the deep learning method simplified the feature engineering stage, and the evaluation metrics of the Random Forest and CNN-BiLSTM models are close. This confirms the prospects for applying deep learning methods to intrusion detection.
About the Authors
Aleksandr Igorevich GETMAN
Russian Federation
Cand. Sci. (Phys.-Math.), senior researcher at ISP RAS, associate professor at HSE. Research interests: binary code analysis, data format recovery, network traffic analysis and classification.
Maxim Nikolaevich GORYUNOV
Russian Federation
Cand. Sci. (Tech.). Research interests: information security, intrusion detection systems, security analysis systems, machine learning.
Andrey Georgievich MATSKEVICH
Russian Federation
Cand. Sci. (Tech.), associate professor. Research interests: information security, intrusion detection systems, anti-virus protection systems, machine learning, cryptographic methods for protecting information.
Dmitry Aleksandrovich RYBOLOVLEV
Russian Federation
Cand. Sci. (Tech.). Research interests: information security, intrusion detection systems, machine learning, cryptographic methods for protecting information.
Anastasiya Grigorevna NIKOLSKAYA
Russian Federation
Research interests: information security, intrusion detection systems, machine learning, artificial neural networks.
Review
For citations:
GETMAN A.I., GORYUNOV M.N., MATSKEVICH A.G., RYBOLOVLEV D.A., NIKOLSKAYA A.G. Deep Learning Applications for Intrusion Detection in Network Traffic. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2023;35(4):65-92. (In Russ.) https://doi.org/10.15514/ISPRAS-2023-35(4)-3