nach oben

Neural Computing and Applications

Erschienen in:

13.04.2021 | Original Article

A novel context-aware feature extraction method for convolutional neural network-based intrusion detection systems

verfasst von: Erfan A. Shams, Ahmet Rizaner, Ali Hakan Ulusoy

Erschienen in: Neural Computing and Applications | Ausgabe 20/2021

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

To create a safe and secure cyberspace, many researchers have created and proposed Intrusion Detection Systems (IDSs). Different types of IDSs are either designed to address only a single kind of intrusion or multiple variants. In this paper, we proposed a new context-aware feature extraction method as a pre-processing step for Convolutional Neural Network (CNN)-based multiclass intrusion detection. Feature selection is also used to reduce the feature space and classification time. For attack-type classification, we used CNN which is generally well-known for its better classification ability on image recognition tasks. We have exploited this ability to develop an IDS that can identify different types of intrusions ranging from 4 to 12 types. In our study, we evaluated our proposed Context-aware Feature Extraction-based CNN IDS on different datasets with multiple classes where it was able to successfully improve classification accuracy compared to the models with no preprocessing steps and other existing methods. We carried out the performance evaluation and comparison using four different datasets, NSL-KDD, CICIDS2017, ADFA-LD, and ADFA-WD. These datasets have either host-based or network-based features, which is another area that we investigated in this paper.

Vorheriger Artikel DGM: a data generative model to improve minority class presence in anomaly detection domain

Nächster Artikel A hybrid artificial bee colony with whale optimization algorithm for improved breast cancer diagnosis

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

KDD Cup (1999) http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. Accessed 25 Oct 2019

Tavallaee M, Bagheri E, Lu W, Ghorbani AA (2009) A detailed analysis of the KDD CUP 99 data set. In: IEEE Symposium on computational intelligence for security and defense applications, CISDA 2009. IEEE, pp 1–6

NSL-KDD. https://www.unb.ca/cic/datasets/nsl.html. Accessed 25 Oct 2019

Lippmann RP, Fried DJ, Graf I, et al (2000) Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation. In: Proceedings - DARPA information survivability conference and exposition, DISCEX 2000 2:12–26. https://doi.org/10.1109/DISCEX.2000.821506

Creech G, Hu J (2013) Generation of a new IDS test dataset: time to retire the KDD collection. In: IEEE wireless communications and networking conference, WCNC 4487–4492. https://doi.org/10.1109/WCNC.2013.6555301

Sharafaldin I, Habibi Lashkari A, Ghorbani AA (2018) Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: Proceedings of the 4th international conference on information systems security and privacy. SCITEPRESS - science and technology publications, pp 108–116

Creech G, Hu J (2014) A semantic approach to host-based intrusion detection systems using contiguousand discontiguous system call patterns. IEEE Trans Comput 63:807–819. https://doi.org/10.1109/TC.2013.13MathSciNetCrossRefMATH

Creech G (2014) Developing a high-accuracy cross platform host-based intrusion detection system capable of reliably detecting zero-day attacks. University of New South Wales

Kyoto University (2015) Kyoto 2006+. http://www.takakura.com/Kyoto_data/. Accessed 25 Feb 2020

10.

University of New South Wales (2017) UNSW-NB15. https://www.unsw.adfa.edu.au/unsw-canberra-cyber/cybersecurity/ADFA-NB15-Datasets/. Accessed 25 Feb 2020

11.

University of the Aegean (2018) AWID Dataset. http://icsdweb.aegean.gr/awid/features.html. Accessed 25 Feb 2020

12.

Choi H, Kim M, Lee G, Kim W (2019) Unsupervised learning approach for network intrusion detection system using autoencoders. J Supercomput 75:5597–5621. https://doi.org/10.1007/s11227-019-02805-wCrossRef

13.

Kaur A, Pal SK, Singh AP (2018) Hybridization of K-means and firefly algorithm for intrusion detection system. Int J Syst Assur Eng Manag 9:901–910. https://doi.org/10.1007/s13198-017-0683-8CrossRef

14.

Latah M, Toker L (2018) Towards an efficient anomaly-based intrusion detection for software-defined networks. IET Netw 7:453–459. https://doi.org/10.1049/iet-net.2018.5080CrossRef

15.

Shams EA, Rizaner A, Ulusoy AH (2018) Trust aware support vector machine intrusion detection and prevention system in vehicular ad hoc networks. Comput Secur 78:245–254. https://doi.org/10.1016/j.cose.2018.06.008CrossRef

16.

Alabdallah A, Awad M (2018) Using weighted support vector machine to address the imbalanced classes problem of intrusion detection system. KSII Trans Internet Inf Syst 12:5143–5158. https://doi.org/10.3837/tiis.2018.10.027CrossRef

17.

Ambusaidi MA, He X, Nanda P, Tan Z (2016) Building an intrusion detection system using a filter-based feature selection algorithm. IEEE Trans Comput 65:2986–2998. https://doi.org/10.1109/TC.2016.2519914MathSciNetCrossRefMATH

18.

Yin C, Zhu Y, Fei J, He X (2017) A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5:21954–21961. https://doi.org/10.1109/ACCESS.2017.2762418CrossRef

19.

Singh P, Krishnamoorthy S, Nayyar A et al (2019) Soft-computing-based false alarm reduction for hierarchical data of intrusion detection system. Int J Distrib Sens Netw. https://doi.org/10.1177/1550147719883132CrossRef

20.

Blanco R, Malagon P, Cilla JJ, Moya JM (2018) Multiclass network attack classifier using cnn tuned with genetic algorithms. In: 2018 28th international symposium on power and timing modeling, optimization and simulation (PATMOS). IEEE, pp 177–182

21.

Ding Y, Zhai Y (2018) Intrusion detection system for NSL-KDD dataset using convolutional neural networks. In: ACM international conference proceeding series, pp 81–85. https://doi.org/10.1145/3297156.3297230

22.

Li Y, Xu Y, Liu Z et al (2020) Robust detection for network intrusion of industrial IoT based on multi-CNN fusion. Meas J Int Meas Confed 154:107450. https://doi.org/10.1016/j.measurement.2019.107450CrossRef

23.

Kurniabudi K, Stiawan D, Darmawijoyo D et al (2020) CICIDS-2017 dataset feature analysis with information gain for anomaly detection. IEEE Access 8:132911–132921. https://doi.org/10.1109/ACCESS.2020.3009843CrossRef

24.

Chiba Z, Abghour N, Moussaid K et al (2019) Intelligent approach to build a Deep Neural Network based IDS for cloud environment using combination of machine learning algorithms. Comput Secur 86:291–317. https://doi.org/10.1016/j.cose.2019.06.013CrossRef

25.

Malik J, Akhunzada A, Bibi I et al (2020) Hybrid deep learning: an efficient reconnaissance and surveillance detection mechanism in SDN. IEEE Access 8:134695–134706. https://doi.org/10.1109/ACCESS.2020.3009849CrossRef

26.

Sun P, Liu P, Li Q et al (2020) DL-IDS: extracting features using CNN-LSTM hybrid network for intrusion detection system. Secur Commun Netw 2020:1–11. https://doi.org/10.1155/2020/8890306CrossRef

27.

Zhang Y, Chen X, Jin L et al (2019) Network intrusion detection: based on deep hierarchical network and original flow data. IEEE Access 7:37004–37016. https://doi.org/10.1109/ACCESS.2019.2905041CrossRef

28.

Ferrag MA, Maglaras L (2020) DeepCoin: a novel deep learning and blockchain-based energy exchange framework for smart grids. IEEE Trans Eng Manag 67:1285–1297. https://doi.org/10.1109/TEM.2019.2922936CrossRef

29.

Elmasry W, Akbulut A, Zaim AH (2019) Empirical study on multiclass classification-based network intrusion detection. Comput Intell. https://doi.org/10.1111/coin.12220MathSciNetCrossRef

30.

Lv S, Wang J, Yang Y, Liu J (2018) Intrusion Prediction with system-call sequence-to-sequence model. IEEE Access 6:71413–71421. https://doi.org/10.1109/ACCESS.2018.2881561CrossRef

31.

Serpen G, Aghaei E (2018) Host-based misuse intrusion detection using PCA feature extraction and kNN classification algorithms. Intell Data Anal 22:1101–1114. https://doi.org/10.3233/IDA-173493CrossRef

32.

Vijayanand R, Devaraj D, Kannapiran B (2018) A novel intrusion detection system for wireless mesh network with hybrid feature selection technique based on GA and MI. J Intell Fuzzy Syst 34:1243–1250. https://doi.org/10.3233/JIFS-169421CrossRef

33.

Tran NN, Sarker R, Hu J (2018) An approach for host-based intrusion detection system design using convolutional neural network. In: Lecture notes of the institute for computer sciences, social-informatics and telecommunications engineering, LNICST. pp 116–126

34.

Shin Y, Kim K (2020) Comparison of anomaly detection accuracy of host-based intrusion detection systems based on different machine learning algorithms. Int J Adv Comput Sci Appl 11:252–259. https://doi.org/10.14569/ijacsa.2020.0110233CrossRef

35.

Khater BS, Wahab AWBA, Bin IMYI et al (2019) A lightweight perceptron-based intrusion detection system for fog computing. Appl Sci (Switz). https://doi.org/10.3390/app9010178CrossRef

36.

Mahdavifar S, Ghorbani AA (2019) Application of deep learning to cybersecurity: a survey. Neurocomputing 347:149–176. https://doi.org/10.1016/j.neucom.2019.02.056CrossRef

37.

CICFlowMeter (formerly ISCXFlowMeter). In: Canadian institute for cybersecurity. https://www.unb.ca/cic/research/applications.html

38.

Panigrahi R, Borah S (2018) A detailed analysis of CICIDS2017 dataset for designing intrusion detection systems. Int J Eng Technol (UAE) 7:479–482

39.

Jolliffe IT (2002) Principal component analysis, 2nd edn. Springer, New YorkMATH

40.

Martinez AM, Kak AC (2001) PCA versus LDA. IEEE Trans Pattern Anal Mach Intell 23:228–233. https://doi.org/10.1109/34.908974CrossRef

41.

Lv L, Wang W, Zhang Z, Liu X (2020) A novel intrusion detection system based on an optimal hybrid kernel extreme learning machine. Knowl Based Syst. https://doi.org/10.1016/j.knosys.2020.105648CrossRef

42.

Ubuntu 11.04. http://old-releases.ubuntu.com/releases/11.04/. Accessed 25 Oct 2019

43.

Geurts P, Ernst D, Wehenkel L (2006) Extremely randomized trees. Mach Learn 63:3–42. https://doi.org/10.1007/s10994-006-6226-1CrossRefMATH

44.

Pedregosa F, Varoquaux G, Gramfort A et al (2011) Scikit-learn: machine learning in python. J Mach Learn Res 12:2825–2830MathSciNetMATH

45.

Li Z, Qin Z, Huang K et al (2017) Intrusion detection using convolutional neural networks for representation learning. In: Liu D, Xie S, Li Y et al (eds) Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in bioinformatics). Springer International Publishing, Cham, pp 858–866

46.

Kim T, Suh SC, Kim H, et al (2018) An Encoding Technique for CNN-based network anomaly detection. In: 2018 IEEE international conference on big data (Big Data). IEEE, pp 2960–2965

47.

Chollet F (2019) keras. GitHub repository

48.

Keras: The python deep learning library. https://keras.io/. Accessed 25 Oct 2019

49.

Abadi M, Agarwal A, Barham P, et al (2016) TensorFlow: large-scale machine learning on heterogeneous distributed systems

50.

Tibshirani R (1996) Regression shrinkage and selection via the lasso. J Royal Stat Soc Ser B (Methodol) 58:267–288. https://doi.org/10.1111/j.2517-6161.1996.tb02080.xMathSciNetCrossRefMATH

51.

Hoerl AE, Kennard RW (1970) Ridge regression: biased estimation for nonorthogonal problems. Technometrics 12:55–67. https://doi.org/10.1080/00401706.1970.10488634CrossRefMATH

52.

Hinton GE, Krizhevsky A, Sutskever I (2016) System and method for addressing overfitting in a Neural Network. 1:4–6

53.

Akila Agnes S, Anitha J (2019) Analyzing the effect of optimization strategies in deep convolutional neural network. In: Hemanth J, Balas VE (eds) Nature inspired optimization techniques for image processing applications. Springer International Publishing, Cham, pp 235–253CrossRef

54.

Kingma DP, Ba J (2014) Adam: a method for stochastic optimization. http://arxiv.org/abs/14126980

55.

Mehdipour Ghazi M, Yanikoglu B, Aptoula E (2017) Plant identification using deep neural networks via optimization of transfer learning parameters. Neurocomputing 235:228–235. https://doi.org/10.1016/j.neucom.2017.01.018CrossRef

56.

Tajbakhsh N, Shin JY, Gurudu SR et al (2016) Convolutional neural networks for medical image analysis: full training or fine tuning? IEEE Trans Med Imaging 35:1299–1312. https://doi.org/10.1109/TMI.2016.2535302CrossRef

57.

Haider W, Creech G, Xie Y, Hu J (2016) Windows based data sets for evaluation of robustness of Host based Intrusion Detection Systems (IDS) to zero-day and stealth attacks. Futur Internet. https://doi.org/10.3390/fi8030029CrossRef

Titel: A novel context-aware feature extraction method for convolutional neural network-based intrusion detection systems
verfasst von: Erfan A. Shams
Ahmet Rizaner
Ali Hakan Ulusoy
Publikationsdatum: 13.04.2021
Verlag: Springer London
Erschienen in: Neural Computing and Applications / Ausgabe 20/2021
Print ISSN: 0941-0643
Elektronische ISSN: 1433-3058
DOI: https://doi.org/10.1007/s00521-021-05994-9

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 20/2021

A nonautonomous-differential-inclusion neurodynamic approach for nonsmooth distributed optimization on multi-agent systems

Text mining using nonnegative matrix factorization and latent semantic analysis

An implementation of sign language alphabet hand posture recognition using geometrical features through artificial neural network (part 2)

A wavelet-based neural network scheme for supervised and unsupervised learning

A multi-branch deep convolutional fusion architecture for 3D microwave inverse scattering: stored grain application

Real-time analysis of adaptive fuzzy predictive controller for chaotification under varying payload and noise conditions

Premium Partner