A network intrusion detection method based on semantic Re-encoding and deep learning
Introduction
With the development of information technology, people now enjoy the convenience of networks. Meanwhile, the number and scale of security threats are growing rapidly, causing great damage to network resources and leaks of private data. The methods and features of network intrusion are constantly changing and developing, so intrusion detection remains an important research issue.
Intrusion detection technology has been continuously studied by researchers (Moustafa et al., 2019; Bhuyan et al., 2013; Jaiganesh et al., 2013; Aburomman and Reaz, 2017; Kabir et al., 2018). In general, intrusion detection can be treated as a classification problem: classifying incoming network traffic as normal or attack. Existing intrusion detection models mainly combine existing machine learning methods with intrusion detection data sets. The intrusion detection data set is treated as a general big data set and fed directly into existing machine learning models to train the intrusion detection classifier. Current learning methods can be broadly classified into three types: traditional machine learning based methods, deep learning based methods, and hybrid methods.
The traditional machine learning methods include Support vector machine (SVM), k-Nearest Neighbor (kNN), Decision Trees, and so on. As collected data sets become larger and larger, deep learning-based approaches are gaining much attention since they can learn the computational process in depth and may lead to better generalization capabilities. These include methods like Deep belief network (DBN), Convolutional neural network (CNN), Recurrent neural network (RNN), AutoEncoder, and so on. To further improve recognition accuracy, combining various data classification methods into a hybrid classifier has been studied. A large number of experiments have shown that hybrid-based techniques display better detection performance on specific data sets. Because they use a specific classifier and merge method, they can achieve higher precision and detection rate than a single method.
Through continuous efforts, researchers are now able to design high-accuracy detectors for fixed intrusion data sets. However, because network intrusion traffic changes continuously and dynamically, high accuracy on fixed data sets alone cannot guarantee excellent detection performance in the face of dynamic traffic. Our work analyzes the detectability of dynamic intrusion traffic, and we then propose an effective intrusion detection algorithm based on semantic re-encoding and deep learning. Semantic re-encoding technology attempts to re-express the semantic space of intrusion traffic in order to increase the distinguishability of abnormal traffic. On the basis of semantic re-encoding, deep learning technology is used to enhance the generalization ability of the intrusion detection model. The main contributions of this work are as follows:
1. We find that the semantics of network traffic are different. Normal network traffic and attack network traffic often have significant differences in narrative semantics. Based on this, a semantic re-encoding method for intrusion network flow is designed, which can effectively increase the distinguishability of abnormal network traffic.
2. We design a deep learning-based detection model for intrusion traffic, which enhances the generalization capabilities of intrusion detection models.
Experimental results show that our approach achieves competitive performance.
The rest of this paper is organized as follows: Section 2 introduces the related works. Section 3 describes our proposed method in detail. Section 4 shows experimental performances. Finally, the conclusion is presented in Section 5.
Section snippets
Related work
Previously, many researchers applied purely traditional classifiers to the intrusion detection field, such as Naïve Bayes, SVM, decision trees, kNN and so on (Dhanabal and Shantharajah, 2015; Deshmukh et al., 2015; Heba et al., 2010; Naoum and Al-Sultani, 2012). These methods have indeed achieved a great deal and laid a solid foundation for later research.
Much research has been conducted since the advent of deep learning. Researchers have done a lot of work on the preprocessing of
Problem formulation
As people's activities in cyberspace become more frequent, network intrusion traffic shows a trend of continuous dynamic change, which often makes detection models designed for fixed datasets unsatisfactory. More importantly, dynamically changing network intrusion traffic has a large number of hidden and bursty features that show discontinuity, while the current mainstream deep learning models are better at characterizing continuously changing data features. Then how to improve the
Experimental results and analysis
This experiment examines two data sets. One is a dataset collected specifically for web attacks at the Hangdian Security Lab, named Hduxss_data1.0, which contains both normal and abnormal HTTP streams. The other is NSL-KDD, which is considered to be the benchmark evaluation data set in the field of intrusion detection. The experiments are performed with PyTorch 1.0 on a computer with a 2080ti GPU, running Ubuntu 18.04 with 32G of memory.
Conclusions
This paper proposes SRDLM, an intrusion detection method based on semantic re-encoding and deep learning. The SRDLM algorithm has advantages in anomaly detection for network traffic with a huge semantic coding space and negligible word order. However, for network traffic whose features have already been extracted, semantic re-encoding technology offers limited performance improvement in traffic detection. Semantic re-encoding technology can be combined with deep learning technology to achieve
CRediT authorship contribution statement
Zhendong Wu: Methodology, Writing - original draft, Writing - review & editing, Software, Resources. Jingjing Wang: Software, Writing - original draft. Liqin Hu: Investigation, Formal analysis. Zhang Zhang: Validation. Han Wu: Validation.
Declaration of competing interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Acknowledgement
This research is supported by National Natural Science Foundation of China (No.61772162), Key Projects of NSFC Joint Fund of China (No.U1866209), National Natural Science Foundation of China (No.61602144), National Key R&D Program of China (No.2018YFB0804102).
Zhendong Wu received the M.S. degree and the PhD degree in Computer Science and Technology from the Zhejiang University, Hangzhou, China. Currently, he is an Associate Professor with the School of Cyberspace, Hangzhou Dianzi University, Hangzhou, China. His current research interests include biometrics, biological cryptography, machine intelligence and natural language research.
References (28)
- et al. A survey of intrusion detection systems based on ensemble and hybrid classifiers. Comput. Secur. (2017)
- et al. Network anomaly detection using channel boosted and residual learning based deep convolutional neural network. Appl. Soft Comput. (2019)
- et al. A novel statistical technique for intrusion detection systems. Future Generat. Comput. Syst. (2018)
- et al. A holistic review of network anomaly detection systems: a comprehensive survey. J. Netw. Comput. Appl. (2019)
- et al. Deep learning approach combining sparse autoencoder with svm for network intrusion detection. IEEE Access (2018)
- et al. Network anomaly detection: methods, systems and tools. IEEE Commun. Surv. Tutor. (2013)
- et al. Multiclass network attack classifier using cnn tuned with genetic algorithms
- et al. Improving classification using preprocessing and machine learning algorithms on nsl-kdd dataset
- et al. A study on nsl-kdd dataset for intrusion detection system based on classification algorithms. Int. J. Adv. Res. Comput. Commun. Eng. (2015)
- et al. An adaptive ensemble machine learning model for intrusion detection. IEEE Access (2019)
- Deep residual learning for image recognition
- Principle components analysis and support vector machine based intrusion detection system
- Using long-short-term memory based convolutional neural networks for network intrusion detection
- Performance analysis of nsl-kdd dataset using ann
Cited by (56)
- Intrusion detection for Industrial Internet of Things based on deep learning (2024, Neurocomputing)
- A comprehensive review on deep learning algorithms: Security and privacy issues (2023, Computers and Security)
- Scalable anomaly-based intrusion detection for secure Internet of Things using generative adversarial networks in fog environment (2023, Journal of Network and Computer Applications)
- IPFS based storage Authentication and access control model with optimization enabled deep learning for intrusion detection (2023, Advances in Engineering Software)
  Citation Excerpt: This method did not provide better results in various environments. Wu, Z., et al. [23] devised SRDLM for recognizing network intrusions. Here, the intrusion detection procedure was carried out using the SRDLM technique by storing the semantics of network traffic, which enhances traffic classification and the generalizability of the algorithm.
- Network intrusion detection based on DNA spatial information (2022, Computer Networks)
- Federated Learning for intrusion detection system: Concepts, challenges and future directions (2022, Computer Communications)
  Citation Excerpt: Such attacks that may not be exposed unless they penetrate the host. NIDS are deployed at a predetermined location throughout the network to scrutinize traffic from all connected networks [38]. It interprets all the traffic that passes through the sub-net and based on the comparison with anomalies library, an intrusion is identified.
Jingjing Wang is currently pursuing the master's degree in Information Security at Hangzhou Dianzi University, Hangzhou, China. Her research interests include data mining, deep learning and intrusion detection.
Liqin Hu received the Ph.D. degree in mathematics from the Nanjing University of Aeronautics and Astronautics, Nanjing, China. She is a lecturer in the School of Cyberspace Security at Hangzhou Dianzi University. Her research interests include cryptography and coding theory.
Zhang Zhang is currently pursuing the master's degree in the School of Systems Science at Beijing Normal University, Beijing, China. His research interests include complex systems and machine learning techniques.
Han Wu is currently pursuing the master's degree in Cyberspace Security at Hangzhou Dianzi University, Hangzhou, China. His research interests include computer vision, deep learning and data mining.