An Efficient Hyperparameter Control Method for a Network Intrusion Detection System Based on Proximal Policy Optimization

Han, Hyojoon; Kim, Hyukho; Kim, Yangwoo

doi:10.3390/sym14010161

Cited by 33 publications

(12 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In comparison with the other studies using deep learning models, Zhu et al [7] proposed the AMF-LSTM model to identify abnormal flow and Han et al [22] used a deep neural network as a feature extractor and uses a k-means clustering module to classify attack types, we used a deep learning model based on the LSTM model to learn hidden features and detect abnormal flow and we also used KNN, AdaBoost, and Random Forest models in combination with the deep learning model to increase performance, [22] 0.9356 Ahmim et al [5] 0.9448 Sharafaldin et al [4] 0.9800 Our proposal method 0.9977 so our result is better than Zhu et al [7]. To classify attack types, our proposal model used both forward and backward flows, so our result is better than Han et al [22]. Our results are also better than the result of studies using traditional machine models as the results of Sharafaldin et al [4] and Ahmim et al [5].…”

Section: Experiments Results and Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Detection of Abnormal Network Traffic Using Bidirectional Long Short-Term Memory

Thanh¹,

Nguyen²

2023

Computer Systems Science and Engineering

View full text Add to dashboard Cite

Nowadays, web systems and servers are constantly at great risk from cyberattacks. This paper proposes a novel approach to detecting abnormal network traffic using a bidirectional long short-term memory (LSTM) network in combination with the ensemble learning technique. First, the binary classification module was used to detect the current abnormal flow. Then, the abnormal flows were fed into the multilayer classification module to identify the specific type of flow. In this research, a deep learning bidirectional LSTM model, in combination with the convolutional neural network and attention technique, was deployed to identify a specific attack. To solve the real-time intrusion-detecting problem, a stacking ensemble-learning model was deployed to detect abnormal intrusion before being transferred to the attack classification module. The class-weight technique was applied to overcome the data imbalance between the attack layers. The results showed that our approach gained good performance and the F1 accuracy on the CICIDS2017 data set reached 99.97%, which is higher than the results obtained in other research.

show abstract

Section: Experiments Results and Discussionmentioning

confidence: 99%

“…Han et al [22] performed the most recent study. They used proximal policy optimization as a reinforcement learning model that trains a deep neural network as a feature extractor and uses a k-means clustering module to classify attack types.…”

Section: Related Workmentioning

confidence: 99%

Detection of Abnormal Network Traffic Using Bidirectional Long Short-Term Memory

Thanh¹,

Nguyen²

2023

Computer Systems Science and Engineering

View full text Add to dashboard Cite

show abstract

“…In the era of big data, machine learning approaches have been widely implemented in intrusion detection systems (IDS), and part of the research has employed classic machine learning algorithms or their enhancements, such as SVM, K-means, KNN, RF, and so on 1 , 18 – 20 , and deep learning algorithms, such as ANN, CNN, LSTM, etc 21 – 27 . In the literature 28 , the authors suggest an IDS based on spark and Conv-AE that employs public datasets such as KDD99 for performance evaluation, and the findings indicate that imbalanced datasets affect model performance.…”

Section: Related Workmentioning

confidence: 99%

ID-RDRL: a deep reinforcement learning-based feature selection intrusion detection model

Ren

Zeng

Cao

et al. 2022

Sci Rep

View full text Add to dashboard Cite

Network assaults pose significant security concerns to network services; hence, new technical solutions must be used to enhance the efficacy of intrusion detection systems. Existing approaches pay insufficient attention to data preparation and inadequately identify unknown network threats. This paper presents a network intrusion detection model (ID-RDRL) based on RFE feature extraction and deep reinforcement learning. ID-RDRL filters the optimum subset of features using the RFE feature selection technique, feeds them into a neural network to extract feature information and then trains a classifier using DRL to recognize network intrusions. We utilized CSE-CIC-IDS2018 as a dataset and conducted tests to evaluate the model’s performance, which is comprised of a comprehensive collection of actual network traffic. The experimental results demonstrate that the proposed ID-RDRL model can select the optimal subset of features, remove approximately 80% of redundant features, and learn the selected features through DRL to enhance the IDS performance for network attack identification. In a complicated network environment, it has promising application potential in IDS.

show abstract

“…In the era of big data, machine learning approaches have been widely implemented in intrusion detection systems (IDS), and part of the research has employed classic machine learning algorithms or their enhancements, such as SVM, K-means, KNN, RF, and so on 1,[7][8][9] , and deep learning algorithms, such as ANN, CNN, LSTM, etc [10][11][12][13][14][15][16] . In the literature 17 , the authors suggest an IDS based on spark and Conv-AE that employs public datasets such as KDD99 for performance evaluation, and the findings indicate that imbalanced datasets affect model performance.…”

Section: Related Workmentioning

confidence: 99%

ID-RDRL: A Deep Reinforcement Learning-based Feature Selection Intrusion Detection Model

Ren

Zeng

Cao

et al. 2022

Preprint

View full text Add to dashboard Cite

Network assaults pose significant security concerns to network services; hence, new technical solutions must be used to enhance the efficacy of intrusion detection systems. Existing approaches pay insufficient attention to data preparation and inadequately identify unknown network threats. This paper presents a network intrusion detection model (ID-RDRL) based on RFE feature extraction and reinforcement learning. ID-RDRL filters the optimum subset of features using the RFE feature selection technique, feeds them into a neural network to extract feature information and then trains a classifier using DRL to recognize network intrusions. We utilized CSE-CIC-IDS2018 as a dataset and conducted tests to evaluate the model's performance, which is comprised of a comprehensive collection of actual network traffic. The experimental results demonstrate that the proposed ID-RDRL model can select the optimal subset of features, remove approximately 80 percent of redundant features, and learn the selected features through DRL to enhance the IDS performance for network attack identification. In a complicated network environment, it has promising application potential in IDS.

show abstract

An Efficient Hyperparameter Control Method for a Network Intrusion Detection System Based on Proximal Policy Optimization

Cited by 33 publications

References 32 publications

Detection of Abnormal Network Traffic Using Bidirectional Long Short-Term Memory

Detection of Abnormal Network Traffic Using Bidirectional Long Short-Term Memory

ID-RDRL: a deep reinforcement learning-based feature selection intrusion detection model

ID-RDRL: A Deep Reinforcement Learning-based Feature Selection Intrusion Detection Model

Contact Info

Product

Resources

About