The Internet connection is becoming ubiquitous in embedded systems, making them potential victims of intrusion. Although gaining popularity in recent years, deep learning based intrusion detection systems tend to produce worse results than those using traditional machine learning algorithms. On the contrary, we propose an end-to-end methodology allowing a neural network to outperform traditional machine learning algorithms. We demonstrate high performance score on CIC-IDS2017 data set, showing an accuracy greater than 99% and a false positive rate lower than 0.5%. Our results are compared to traditional machine learning algorithms and previous studies. Then, we show that our approach can be successfully applied to CSE-CIC-IDS2018 data set, confirming that neural network can reach better scores than other machine learning algorithms. Our performance is compared to previous work on this data set. We further deployed our solution on a system-on-chip for automotive, allowing to characterize real-time performance aspect on an embedded system, both for feature extraction and inference. Finally, a discussion opens up on problems related to some attacks that are particularly difficult to detect with flow-based techniques and weaknesses found in the data sets.

Internet 连接在嵌入式系统中变得无处不在，使它们成为入侵的潜在受害者。尽管近年来越来越受欢迎，但基于深度学习的入侵检测系统往往比使用传统机器学习算法的系统产生更差的结果。相反，我们提出了一种端到端的方法，允许神经网络优于传统的机器学习算法。我们在 CIC-IDS2017 数据集上展示了很高的性能得分，显示准确率大于 99%，误报率低于 0.5%。我们的结果与传统的机器学习算法和以前的研究进行了比较。然后，我们表明我们的方法可以成功应用于 CSE-CIC-IDS2018 数据集，证实神经网络可以达到比其他机器学习算法更好的分数。我们的性能与该数据集以前的工作进行了比较。我们进一步在汽车片上系统上部署了我们的解决方案，允许在嵌入式系统上表征实时性能方面，用于特征提取和推理。最后，将展开与某些攻击有关的问题的讨论，这些问题特别难以使用基于流的技术来检测，并且存在数据集中的弱点。