Cyber attacks are becoming more sophisticated and, hence, more difficult to detect. Using efficient and effective machine learning techniques to detect network anomalies and intrusions is an important aspect of cyber security. A variety of machine learning models have been employed to help detect malicious intentions of network users. In this paper, we evaluate performance of recurrent neural networks (Long Short-Term Memory and Gated Recurrent Unit) and Broad Learning System with its extensions to classify known network intrusions. We propose two BLS-based algorithms with and without incremental learning. The algorithms may be used to develop generalized models by using various subsets of input data and expanding the network structure. The models are trained and tested using Border Gateway Protocol routing records as well as network connection records from the NSL-KDD and Canadian Institute of Cybersecurity datasets. Performance of the models is evaluated based on selected features, accuracy, F-Score, and training time.

中文翻译：

---

用于检测通信网络中的异常和入侵的机器学习


网络攻击变得越来越复杂，因此更难以检测。使用高效且有效的机器学习技术来检测网络异常和入侵是网络安全的一个重要方面。各种机器学习模型已被用来帮助检测网络用户的恶意意图。在本文中，我们评估了循环神经网络（长短期记忆和门控循环单元）和广泛学习系统及其扩展以对已知网络入侵进行分类的性能。我们提出了两种基于 BLS 的算法，有和没有增量学习。该算法可用于通过使用输入数据的各种子集并扩展网络结构来开发通用模型。这些模型使用边界网关协议路由记录以及来自 NSL-KDD 和加拿大网络安全研究所数据集的网络连接记录进行训练和测试。模型的性能根据所选特征、准确性、F 分数和训练时间进行评估。