
A Hybrid Deep Learning Ensemble for Cyber Intrusion Detection

  • Conference paper
Proceedings of the 22nd Engineering Applications of Neural Networks Conference (EANN 2021)

Abstract

The daily growth in computer network usage increases the need to protect users from malware and other threats. This paper presents a hybrid Intrusion Detection System (IDS) comprising a 2-Dimensional Convolutional Neural Network (2-D CNN), a Recurrent Neural Network (RNN) and a Multi-Layer Perceptron (MLP) for the detection of 9 cyber attacks versus normal flow. The timely Kitsune Network attack dataset was used in this research. The proposed model achieved an overall accuracy of 92.66%, 90.64% and 90.56% in the train, validation and testing phases respectively. The typical five classification indices Sensitivity, Specificity, Accuracy, F1-Score and Precision were calculated following the “One-Versus-All Strategy”. Their values clearly support the fact that the model can generalize and that it can be used as a prototype for further research on network security enhancement.
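The one-versus-all evaluation named in the abstract, as an added example that is not code from the paper: each class in turn is treated as the positive class and the five indices are derived from the multi-class confusion matrix. The class names and counts are constructed for illustration and are not results from the paper.

```python
# Added example: one-versus-all indices from a multi-class confusion matrix.
# LABELS and CONFUSION are constructed sample data, not the paper's results.

LABELS = ["normal", "attack_a", "attack_b", "attack_c"]  # hypothetical classes

# CONFUSION[i][j] = flows whose true class is i and predicted class is j
CONFUSION = [
    [90, 4, 3, 3],
    [5, 40, 5, 0],
    [2, 6, 30, 2],
    [0, 0, 1, 9],   # rare attack class: only 10 true samples
]

def one_vs_all(cm, k):
    """Collapse the matrix to (TP, FN, FP, TN) with class k as positive."""
    total = sum(sum(row) for row in cm)
    tp = cm[k][k]
    fn = sum(cm[k]) - tp                 # true k, predicted as something else
    fp = sum(row[k] for row in cm) - tp  # other classes predicted as k
    tn = total - tp - fn - fp
    return tp, fn, fp, tn

def ratio(num, den):
    """Division that returns 0.0 for an empty denominator (class never seen)."""
    return num / den if den else 0.0

def indices(cm, k):
    """Sensitivity, specificity, accuracy, precision and F1 for class k."""
    tp, fn, fp, tn = one_vs_all(cm, k)
    sens = ratio(tp, tp + fn)
    prec = ratio(tp, tp + fp)
    return {
        "sensitivity": sens,
        "specificity": ratio(tn, tn + fp),
        "accuracy": ratio(tp + tn, tp + tn + fp + fn),
        "precision": prec,
        "f1": ratio(2 * prec * sens, prec + sens),
    }

def overall_accuracy(cm):
    """Fraction of all flows on the diagonal (correctly classified)."""
    return ratio(sum(cm[i][i] for i in range(len(cm))), sum(map(sum, cm)))

if __name__ == "__main__":
    print(f"overall accuracy: {overall_accuracy(CONFUSION):.3f}")
    for k, name in enumerate(LABELS):
        row = ", ".join(f"{m}={v:.3f}" for m, v in indices(CONFUSION, k).items())
        print(f"{name:9s} {row}")
```

For the rare class, one-versus-all accuracy is dominated by true negatives and stays high while precision is much lower, which is why the five indices are read together rather than accuracy alone.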




Corresponding authors

Correspondence to Anastasios Panagiotis Psathas or Antonios Papaleonidas.


Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Psathas, A.P., Iliadis, L., Papaleonidas, A., Bountas, D. (2021). A Hybrid Deep Learning Ensemble for Cyber Intrusion Detection. In: Iliadis, L., Macintyre, J., Jayne, C., Pimenidis, E. (eds) Proceedings of the 22nd Engineering Applications of Neural Networks Conference. EANN 2021. Proceedings of the International Neural Networks Society, vol 3. Springer, Cham. https://doi.org/10.1007/978-3-030-80568-5_3
