Learning Spatial Features Using CNN in Network Intrusion Detection System

Authors

Corressponding author's email:

vanntth@hcmute.edu.vn

DOI:

https://doi.org/10.54644/jte.2024.1552

Keywords:

Intrusion detection system, Learning feature, Deep learning, CNN, CICIDS2017

Abstract

Today, modern communication networks and the diversity of network services have created a large growth in data transmitted through many different devices and communication protocols. This has raised serious security concerns, which in turn has increased the importance of developing advanced network intrusion detection systems (IDS). Although various techniques are applied to IDS, they face several challenges such as accuracy and efficient handling of highly variable big data. To increase the effectiveness of detecting attacks in network traffic, we need good features, but we also need to reduce the cost of feature construction techniques. Recently, Deep learning has been used as an effective way to analyze and discover knowledge in large data systems to create models with good classification capabilities. Many studies used Deep learning models to learn features automatically and effectively. In this paper, we used Convolution neural network (CNN) that exploits the visual properties of the input data to obtain features from network traffic, thereby achieving good intrusion detection performance. Our research was experimented on the CICIDS2017 dataset, achieving the highest accuracy of 91.53%.

Downloads: 0

Download data is not yet available.

Author Biography

Thanh Van Nguyen, Ho Chi Minh City University of Technology and Education, Vietnam

Nguyen Thanh Van graduated from university in Infomatics in 1998 at Hue University’s College of Education,  Hue University,  and received a master's degree in  computer  science  in 2005 at Da Nang University. She is currently working at the Faculty of Information Technology, HCMC University of Technology and Education. Her research interests include Information and Network security, machine learning technologies. Email: vanntth@hcmute.edu.vn. ORCID:  https://orcid.org/0009-0003-9686-606X

References

H. Liu and B. Lang, “Machine Learning and Deep Learning Methods for Intrusion Detection Systems: A Survey,” Appl. Sci., vol. 9, p. 4396, 2019, doi: 10.3390/app9204396. DOI: https://doi.org/10.3390/app9204396

Y. Bengio, A. Courville, and P. Vincent, “Representation Learning: A Review and New Perspectives,” in IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 35, no. 8, pp. 1798-1828, Aug. 2013, doi: 10.1109/TPAMI.2013.50. DOI: https://doi.org/10.1109/TPAMI.2013.50

A. Krizhevsky, I. Sutskever, and G. Hinton, “ImageNet classification with deep CNN,” Communications of the ACM, vol. 60, no. 6, pp. 84-90, Jun. 2017, doi: 10.1145/3065386. DOI: https://doi.org/10.1145/3065386

M. D. Zeiler and R. Fergus, “Visualizing and understanding convolutional networks,” in Computer Vision – ECCV 2014, vol. 8689, Lecture Notes in Computer Science, Springer, 2014, pp. 818-833, doi: 10.1007/978-3-319-10590-1_53. DOI: https://doi.org/10.1007/978-3-319-10590-1_53

G. Gilberto, “A comprehensive survey on network anomaly detection,” Telecommun. Syst., vol. 70, pp. 447-489, 2019, doi: 10.1007/s11235-018-0414-7. DOI: https://doi.org/10.1007/s11235-018-0475-8

R. C. Aygun and A. G. Yavuz, "Network Anomaly Detection with Stochastically Improved Autoencoder Based Model," in IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), 2017, pp. 193-198, doi: 10.1109/CSCloud.2017.32. DOI: https://doi.org/10.1109/CSCloud.2017.39

S. Farahnakian and J. Heikkonen, "A deep auto-encoder based approach for intrusion detection system," in Int. Conf. on Advanced Communication Technology (ICACT), 2018, pp. 178-183, doi: 10.23919/ICACT.2018.8323744. DOI: https://doi.org/10.23919/ICACT.2018.8323687

S. Potluri and C. Diedrich, "Accelerated deep neural networks for enhanced intrusion detection system," in Int. Conf. on Emerging Technologies and Factory Automation (ETFA), 2016, pp. 1-8, doi: 10.1109/ETFA.2016.7733704. DOI: https://doi.org/10.1109/ETFA.2016.7733515

Q. Niyaz, W. Sun, A. Javaid, and M. Alam, "A Deep Learning Approach for NIDS," in Bio-inspired Information and Communications Technologies (BIONETICS), Brussels, Belgium, 2015, pp. 21-26, doi: 10.4108/eai.3-12-2015.2262516. DOI: https://doi.org/10.4108/eai.3-12-2015.2262516

B. Zhang, Y. Yu, and J. Li, "Network intrusion detection based on stacked sparse autoencoder and binary tree ensemble method," in IEEE Int. Conf. on Communications (ICC), 2018, pp. 1-6, doi: 10.1109/ICC.2018.8422406. DOI: https://doi.org/10.1109/ICCW.2018.8403759

I. O. Lopes, “Effective network intrusion detection via representation learning: A Denoising AutoEncoder approach,” Computer Communications, vol. 194, pp. 55-65, Oct. 2022, doi: 10.1016/j.comcom.2022.07.004. DOI: https://doi.org/10.1016/j.comcom.2022.07.027

Y. Song, S. Hyun, and Y.-G. Cheong, “Analysis of Autoencoders for Network Intrusion Detection,” Sensors, vol. 21, no. 4294, 2021, doi: 10.3390/s21134294. DOI: https://doi.org/10.3390/s21134294

H. Choi, M. Kim, G. Lee, et al., “Unsupervised learning approach for NIDS using autoencoders,” Journal of Supercomputing, vol. 75, pp. 5597–5621, 2019, doi: 10.1007/s11227-019-02873-2. DOI: https://doi.org/10.1007/s11227-019-02805-w

K. Ji, J. Kim, L.T.T. Huong, et al., "LSTM - RNN Classifier for Intrusion Detection," in International Conference Platform Technology and Service (PlatCon), South Korea, 2016, pp. 1-5, doi: 10.1109/PlatCon.2016.7456801. DOI: https://doi.org/10.1109/PlatCon.2016.7456801

R. C. Staudemeyer, "Applying LSTM RNN to intrusion detection," South African Computer Journal, vol. 56, pp. 6-15, 2015, doi: 10.18489/sacj.v56i0.225. DOI: https://doi.org/10.18489/sacj.v56i1.248

L. Bontemps, C. Van Cao, J. McDermott, et al., "Collective Anomaly Detection based on LSTM RNN," in International Conference on Future Data and Security Engineering, 2016, pp. 141-152, doi: 10.1007/978-3-319-49358-9_10. DOI: https://doi.org/10.1007/978-3-319-48057-2_9

M. Chen, X. Qi, and J. Liu, "MS-LSTM: a Multi-Scale LSTM Model for BGP anomaly detection," in 24th International Conference on Network Protocols (ICNP), 2016, pp. 1-6, doi: 10.1109/ICNP.2016.7784448. DOI: https://doi.org/10.1109/ICNP.2016.7785326

F. Laghrissi, et al., “Intrusion detection systems using long short-term memory (LSTM),” Journal of Big Data, vol. 8, no. 65, pp. 1-14, 2021, doi: 10.1186/s40537-021-00466-3. DOI: https://doi.org/10.1186/s40537-021-00448-4

J. Kim, J. Kim, H. Kim, M. Shim, and E. Choi, “CNN-Based Network Intrusion Detection against Denial-of-Service Attacks,” Electronics, vol. 9, no. 916, 2020, doi: 10.3390/electronics9060916. DOI: https://doi.org/10.3390/electronics9060916

V. R. Varanasi and S. Razia, “CNN Implementation for IDS,” in 2021 3rd International Conference on Advances in Computing, Communication Control and Networking (ICAC3N), pp. 1585-1589, doi: 10.1109/ICAC3N53548.2021.9725426. DOI: https://doi.org/10.1109/ICAC3N53548.2021.9725426

S. N. Nguyen, Q. V. Nguyen, and K. Kim, "Design and implementation of intrusion detection system using CNN for DoS detection," in International Conference on Machine Learning and Soft Computing, 2018, pp. 34-38, doi: 10.1145/3184066.3184094. DOI: https://doi.org/10.1145/3184066.3184089

Z. Li, Z. Qin, K. Huang, and X. Yang, "Intrusion Detection Using CNNs for Representation Learning," in Neural Information Processing (ICONIP), Lecture Notes in Computer Science, vol. 10638, Springer, Cham, 2017, pp. 103-111, doi: 10.1007/978-3-319-70096-0_11. DOI: https://doi.org/10.1007/978-3-319-70096-0_11

T. Kim, S. C. Suh, H. Kim, et al., "An Encoding Technique for CNN-based Network Anomaly Detection," in IEEE International Conference on Big Data (Big Data), 2018, pp. 2960-2963, doi: 10.1109/BigData.2018.8622337. DOI: https://doi.org/10.1109/BigData.2018.8622568

Y. Zhang, X. Chen, D. Guo, et al., "Parallel Cross CNN for Abnormal Network Traffic flows Detection in multi-class imbalanced," IEEE Access, vol. 7, pp. 119904-119916, 2019, doi: 10.1109/ACCESS.2019.2936982. DOI: https://doi.org/10.1109/ACCESS.2019.2933165

I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, “Toward generating a new intrusion detection dataset and intrusion traffic characterization,” in ICISSP, pp. 108–116, 2018, doi: 10.5220/0006639801080116. DOI: https://doi.org/10.5220/0006639801080116

K. M. He, X. Y. Zhang, S. Q. Ren, and J. Sun, “Deep residual learning for image recognition,” in Proceedings IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Las Vegas, NV, USA, 2016, pp. 770-778, doi: 10.1109/CVPR.2016.90. DOI: https://doi.org/10.1109/CVPR.2016.90

C. Szegedy, W. Liu, Y. Jia, P. Sermanet, S. Reed, D. Anguelov, D. Erhan, V. Vanhoucke, and A. Rabinovich, “Going deeper with convolutions,” in Proceedings of the IEEE conference on computer vision and pattern recognition, 2015, pp. 1–9, doi: 10.1109/CVPR.2015.7298594. DOI: https://doi.org/10.1109/CVPR.2015.7298594

Downloads

Published

28-08-2024

How to Cite

[1]
Nguyễn Thanh Vân, “Learning Spatial Features Using CNN in Network Intrusion Detection System”, JTE, vol. 19, no. 04, pp. 103–113, Aug. 2024.

Issue

Vol. 19 No. 04 (2024)

Section

Research Article

Categories

License

Copyright (c) 2024 Journal of Technical Education Science

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Copyright © JTE.

Crossref
Scopus
Google Scholar
Europe PMC