Abstract
Recently developed machine learning techniques, deep learning in particular, are being applied successfully to the detection and classification of anomalies at both the network and host levels. However, the use of deep learning in Intrusion Detection Systems is still at an early stage and faces problems such as the emergence of unknown attacks and imbalanced datasets. Existing solutions suffer from low detection rates and high false-positive rates. This paper presents a hybrid anomaly detection system that combines a Classical AutoEncoder (CAE) with a Deep Neural Network (DNN). To enhance the capabilities of the proposed model, the method performs network anomaly detection in two phases. In the first phase, a CAE is used for feature engineering. In the second phase, a DNN is used for classification. The efficacy of the proposed method is validated on the benchmark dataset UNSW-NB15. The results are discussed in terms of accuracy, detection rate, false-positive rate, ROC, and F1-score, and compared with other algorithms used for network anomaly detection.
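The two-phase idea from the abstract, as an added sketch that is not the authors' code or architecture: an autoencoder learns a compact code without labels, then a classifier is trained on that code and scored with detection rate, false-positive rate, accuracy and F1. The flow data is constructed (not UNSW-NB15), and the layer sizes, learning rates, class weighting and one-hidden-layer networks are all assumptions.

```python
import numpy as np

def make_flows(n, rng):
    """Constructed stand-in for flow records: 8 features, about 10% attacks."""
    y = (rng.random(n) < 0.1).astype(float)
    latent = rng.normal(size=(n, 2))
    latent[:, 0] += 4 * y                          # attacks shift one hidden factor
    mix = np.sin(np.arange(16.0).reshape(2, 8) + 1)
    return latent @ mix + 0.1 * rng.normal(size=(n, 8)), y[:, None]

def train(X, T, hidden, sigmoid, w, rng, lr, epochs):
    """One-hidden-layer tanh net, full-batch gradient descent. Linear output
    with squared error and sigmoid output with cross-entropy share the same
    output-layer gradient (out - T), so one routine serves both phases."""
    W1 = rng.normal(0, 0.2, (X.shape[1], hidden)); b1 = np.zeros(hidden)
    W2 = rng.normal(0, 0.2, (hidden, T.shape[1])); b2 = np.zeros(T.shape[1])
    def forward(A):
        H = np.tanh(A @ W1 + b1)
        O = H @ W2 + b2
        return H, 1 / (1 + np.exp(-O)) if sigmoid else O
    for _ in range(epochs):
        H, O = forward(X)
        G = (O - T) * w / w.sum()                  # per-sample weighted error
        GH = (G @ W2.T) * (1 - H ** 2)             # backprop through tanh
        W2 -= lr * H.T @ G;  b2 -= lr * G.sum(0)
        W1 -= lr * X.T @ GH; b1 -= lr * GH.sum(0)
    return forward

def run(seed=0):
    rng = np.random.default_rng(seed)
    X, y = make_flows(3000, rng)
    X = (X - X[:2000].mean(0)) / X[:2000].std(0)   # scale with training statistics
    Xtr, ytr, Xte, yte = X[:2000], y[:2000], X[2000:], y[2000:]
    # Phase 1: autoencoder learns a 3-unit code without using labels.
    cae = train(Xtr, Xtr, 3, False, np.ones_like(ytr), rng, 0.02, 500)
    Ztr, Zte = cae(Xtr)[0], cae(Xte)[0]
    # Phase 2: classifier on the codes; attacks up-weighted against imbalance.
    w = np.where(ytr == 1, (1 - ytr.mean()) / ytr.mean(), 1.0)
    dnn = train(Ztr, ytr, 8, True, w, rng, 0.1, 1000)
    pred = dnn(Zte)[1] > 0.5
    tp = np.sum(pred & (yte == 1)); fp = np.sum(pred & (yte == 0))
    fn = np.sum(~pred & (yte == 1)); tn = np.sum(~pred & (yte == 0))
    return {"detection_rate": tp / (tp + fn), "false_positive_rate": fp / (fp + tn),
            "accuracy": (tp + tn) / len(yte), "f1": 2 * tp / max(2 * tp + fp + fn, 1)}

if __name__ == "__main__":
    print(run())
```

With roughly one attack in ten records, accuracy alone says little; detection rate and false-positive rate are the figures to compare across models.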
Acknowledgement
This work is funded under the InfraStress project, which has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 833088.
Copyright information
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Dutta, V., Choraś, M., Kozik, R., Pawlicki, M. (2021). Hybrid Model for Improving the Classification Effectiveness of Network Intrusion Detection. In: Herrero, Á., Cambra, C., Urda, D., Sedano, J., Quintián, H., Corchado, E. (eds) 13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020). CISIS 2019. Advances in Intelligent Systems and Computing, vol 1267. Springer, Cham. https://doi.org/10.1007/978-3-030-57805-3_38
DOI: https://doi.org/10.1007/978-3-030-57805-3_38
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57804-6
Online ISBN: 978-3-030-57805-3
eBook Packages: Intelligent Technologies and Robotics (R0)