Year: 2022 Volume: 30 Issue: 3 Page Range: 629 - 643 Text Language: English DOI: 10.3906/elk-2104-50 Index Date: 01-07-2022

Performance analysis and feature selection for network-based intrusion detection with deep learning

Abstract:
An intrusion detection system is an automated monitoring tool that analyzes network traffic and detects malicious activities by looking either for known attack patterns or for anomalies. In this study, the intrusion detection and classification performance of different deep-learning-based systems is examined. For this purpose, 24 deep neural networks with four different architectures are trained and evaluated on the CICIDS2017 dataset. Furthermore, the best-performing model is used to inspect raw network traffic features and rank them with respect to their contributions to success rates. By selecting features according to their ranks, sets of varying size from 3 to 77 are assessed in terms of classification accuracy and time efficiency. The results show that recurrent neural networks with a certain level of complexity can achieve success rates comparable to state-of-the-art systems using a small feature set of size 9, while the average time required to classify a test sample is halved compared to the complete set.

Document Type: Article Article Type: Research Article Access Type: Open Access
APA CANER S, ERDOĞMUŞ N, ERTEN Y (2022). Performance analysis and feature selection for network-based intrusion detection with deep learning. Turkish Journal of Electrical Engineering and Computer Sciences, 30(3), 629 - 643. 10.3906/elk-2104-50
Chicago CANER Serhat,ERDOĞMUŞ Nesli,ERTEN Y. Murat Performance analysis and feature selection for network-based intrusion detection with deep learning. Turkish Journal of Electrical Engineering and Computer Sciences 30, no.3 (2022): 629 - 643. 10.3906/elk-2104-50
MLA CANER Serhat,ERDOĞMUŞ Nesli,ERTEN Y. Murat Performance analysis and feature selection for network-based intrusion detection with deep learning. Turkish Journal of Electrical Engineering and Computer Sciences, vol.30, no.3, 2022, pp.629 - 643. 10.3906/elk-2104-50
AMA CANER S,ERDOĞMUŞ N,ERTEN Y Performance analysis and feature selection for network-based intrusion detection with deep learning. Turkish Journal of Electrical Engineering and Computer Sciences. 2022; 30(3): 629 - 643. 10.3906/elk-2104-50
Vancouver CANER S,ERDOĞMUŞ N,ERTEN Y Performance analysis and feature selection for network-based intrusion detection with deep learning. Turkish Journal of Electrical Engineering and Computer Sciences. 2022; 30(3): 629 - 643. 10.3906/elk-2104-50
IEEE CANER S,ERDOĞMUŞ N,ERTEN Y "Performance analysis and feature selection for network-based intrusion detection with deep learning." Turkish Journal of Electrical Engineering and Computer Sciences, 30, pp.629 - 643, 2022. 10.3906/elk-2104-50
ISNAD CANER, Serhat et al. "Performance analysis and feature selection for network-based intrusion detection with deep learning". Turkish Journal of Electrical Engineering and Computer Sciences 30/3 (2022), 629-643. https://doi.org/10.3906/elk-2104-50