A Comparative Analysis of Deep Learning Approaches in Intrusion Detection System

Das, Abhijit; Sarojini, B.

doi:10.1109/rteict52294.2021.9573685

Cited by 9 publications

(4 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The associated transference and storage of vast volumes of data over computer networks have created new and evolving opportunities for cybercriminals [1]. From 2019 to 2022, the cost of repairing cyberattack damage increased by USD 6T, and the average detection time increased from 57.4 to 93.2 days [2]. Traditional cybersecurity methods (e.g., firewalls, user authentication, and data encryption) cannot handle the complex attacks that take place online.…”

Section: Introductionmentioning

confidence: 99%

“…(1) We apply a novel combination of data-and algorithm-level techniques to specifically reduce the FP rate while improving the model's recall rate. (2) We provide legitimate and reproducible results by applying our combined model to state-of-the-art NSL-KDD [7] and CICIDS2017 [8] benchmark intrusion detection datasets as our research objects. (3) To improve data-level class balancing, we provide an ingenious combination of random undersampling (RUS) and synthetic minority oversampling to adjust the data distribution structure and improve minority class detection.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Hybrid Intrusion Detection System Based on Data Resampling and Deep Learning

Chen,

You,

Shiue

2024

IJACSA

View full text Add to dashboard Cite

The growth of the internet has advanced information-sharing capabilities and vastly increased the importance of global network security. However, because new and inconspicuous abnormal behaviors are nearly impossible to detect in massive network access environments, modern intrusion detection systems have identified a high rate of false-positive (FP) and false-negative (FN) attacks. To overcome this, this paper proposes a hybrid deep learning model that significantly mitigates the disadvantages of consistently imbalanced sample attack data. First, it resolves imbalanced data using random undersampling and synthetic minority oversampling techniques. Then, convolutional neural networks (CNNs) extract local and spatial features, and a transformer encoder extracts global and temporal features. The novelty of this combination increases recognition accuracy at the algorithm level, which is crucial to reducing FPs and FNs. The model was subjected to multiclassification testing on the NSL-KDD and CICIDS2017 benchmark datasets, and the results show that our model has higher classification accuracy and lower FP rates than state-ofthe-art intrusion detection models. Moreover, it significantly improves the detection rate of low-frequency attacks.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Hybrid Intrusion Detection System Based on Data Resampling and Deep Learning

Chen,

You,

Shiue

2024

IJACSA

View full text Add to dashboard Cite

show abstract

“…Furthermore, it also focuses on the techniques of IDS and the datasets used by researchers to develop IDS. The studies [8][9][10][11][12] illustrate the comparative analysis of ML and DL approaches in intrusion detection. In articles [13][14][15][16], the authors comprehensively explain about the ML algorithms for intrusion detection along with the detailed explanation of the datasets and challenges for modern scenario.…”

Section: Introductionmentioning

confidence: 99%

A Systematic and Comprehensive Survey of Recent Advances in Intrusion Detection Systems Using Machine Learning: Deep Learning, Datasets, and Attack Taxonomy

2023

View full text Add to dashboard Cite

Recently, intrusion detection systems (IDS) have become an essential part of most organisations’ security architecture due to the rise in frequency and severity of network attacks. To identify a security breach, the target machine or network must be watched and analysed for signs of an intrusion. It is defined as efforts to compromise the confidentiality, integrity, or availability of a computer or network or to circumvent its security mechanisms. Several IDS have been proposed in the literature to efficiently detect such attempts exploiting different characteristics of cyberattacks. These systems can provide with timely sensing the network intrusions and, subsequently, notifying the manager or the responsible person in an organisation. Important actions are then carried out to reduce the degree of damage caused by the intrusion. Organisations use such techniques to defend their systems from the network disconnectivity and increase reliance on the information systems by employing intrusion detection. This paper presents a detailed summary of recent advances in IDS from the literature. Nevertheless, a review of future research directions for detecting malicious operations and launching different attacks on systems is discussed and highlighted. Furthermore, this study presents detailed description of well-known publicly available datasets and a variety of strategies developed for dealing with intrusions.

show abstract

“…Attacks between 100 Gbps and 400 Gbps increased by 776% globally between 2018 and 2019, and the total number of DDoS attacks will double from 7.9 million in 2018 to 15.4 million by 2023. NIDS must be constantly improved to avoid malicious activity before it occurs as attackers always come up with new ways to exploit the network [8]. The authors in [9] highlight the research challenges in the field of IDS as follows: (i) systematic construction of an up-to-date dataset with enough instances of almost all the attack types; (ii) lower detection accuracy due to the imbalance dataset; (iii) low performance in a real-world environment; (iv) most of the IDS approaches suggested by the researcher are based on extremely sophisticated models requiring a lot of processing time and computing power.…”

Section: Introductionmentioning

confidence: 99%

Framing Network Flow for Anomaly Detection Using Image Recognition and Federated Learning

et al. 2022

View full text Add to dashboard Cite

The intrusion detection system (IDS) must be able to handle the increase in attack volume, increasing Internet traffic, and accelerating detection speeds. Network flow feature (NTF) records are the input of flow-based IDSs that are used to determine whether network traffic is normal or malicious in order to avoid IDS from difficult and time-consuming packet content inspection processing since only flow records are examined. To reduce computational power and training time, this paper proposes a novel pre-processing method merging a specific amount of NTF records into frames, and frame transformation into images. Federated learning (FL) enables multiple users to share the learned models while maintaining the privacy of their training data. This research suggests federated transfer learning and federated learning methods for NIDS employing deep learning for image classification and conducting tests on the BOUN DDoS dataset to address the issue of training data privacy. Our experimental results indicate that the proposed Federated transfer learning (FTL) and FL methods for training do not require data centralization and preserve participant data privacy while achieving acceptable accuracy in DDoS attack identification: FTL (92.99%) and FL (88.42%) in comparison with Traditional transfer learning (93.95%).

show abstract

A Comparative Analysis of Deep Learning Approaches in Intrusion Detection System

Cited by 9 publications

References 30 publications

Hybrid Intrusion Detection System Based on Data Resampling and Deep Learning

Hybrid Intrusion Detection System Based on Data Resampling and Deep Learning

A Systematic and Comprehensive Survey of Recent Advances in Intrusion Detection Systems Using Machine Learning: Deep Learning, Datasets, and Attack Taxonomy

Framing Network Flow for Anomaly Detection Using Image Recognition and Federated Learning

Contact Info

Product

Resources

About