Network intrusion detection based on IE-DBN model☆
Introduction
The Internet, characterized by openness and inclusiveness, is vulnerable to external intrusion. Intrusion detection, a technology for promptly detecting and reporting unauthorized accesses or anomalies, helps protect the security of network systems. At present, there are four popular intrusion detection methods: (1) Feature-based detection: this method offers high accuracy in prediction and detection, but it requires prior knowledge or experience of intrusions and attacks; (2) Statistical algorithm-based detection: mainly used for anomaly detection, this method has a high detection rate, but its “learning” ability can let intruders follow the statistical rule of normal operation and pass the detection; (3) Expert systems: this method mainly targets intrusion behaviors, and its effectiveness depends entirely on the completeness of the knowledge base of the expert system; (4) File integrity check: this method uses a hash function to check the digital digest against the values in the database for similarities and differences.
An artificial intelligence anomaly detection method is proposed in [1]. This method obtains features and statistical data by monitoring the network traffic, analyzing and processing packets, and carries out anomaly detection combined with cluster analysis, with an accuracy of 98%. Yazdinejadna et al. [2] proposed a kangaroo-based intrusion detection system, which was based on the software-defined networking (SDN) architecture for data plane attack detection and malicious behaviors, and was proved to perform well in detecting malicious packets. Lou et al. [3] constructed a rule base for detecting network intrusion and developed a new method for mining association rules from multi-source logs of the cloud computing platform to detect various intrusion behaviors. This approach can speed up the computation adaptively and has a good effect on the computation efficiency and accuracy. Although non-machine learning attack detection schemes are sensitive to known attack types, they show limitations in dealing with unknown attacks and big data [4].
In recent years, with the continuous development of artificial intelligence and machine learning technologies, researchers have proposed using machine learning methods for intrusion detection, such as neural networks, decision trees, artificial immune systems, and support vector machines [5], to improve detection accuracy. Kasongo and Sun [6] used machine learning to build an intrusion detection system: for high-dimensional data spaces and highly unbalanced data sets, a filter-based feature reduction technique was applied using the XGBoost algorithm; then, the machine learning algorithm was adopted to detect the simplified feature space. The detection accuracy was improved by 2.72%. In [7], the CNN algorithm was adopted for feature extraction. Naive Bayes and self-organizing mapping were applied to intrusion detection, and the detection rate of the user-to-root (U2R) type reached 93.0%. However, when faced with intrusion detection over massive data, conventional shallow machine learning methods show shortcomings such as limited expression and generalization capacity as well as susceptibility to overfitting. These defects greatly reduce the processing speed of the system and affect the detection performance of the model.
Deep learning methods can reduce the feature dimension of massive data and classify a large amount of unlabeled data. However, general deep neural networks are sensitive to weights, thresholds, and learning rates, and are likely to fall into a local optimum. Wang et al. [8] combined the gated convolutional neural network (GCNN) model with a data augmentation method for intrusion detection, which enhances the robustness of the model. After verification, the GCNN model can better obtain the potential information of enhanced data and achieve the best performance. The GAN algorithm has been applied to intrusion detection and has achieved very good detection results [9], [10], [11]. Some scholars [12], [13], [14], [15], [16] applied deep learning neural network algorithms to intrusion detection. The influence of hidden layer nodes, the number of neural network layers, and the learning rate on the performance of the algorithm is discussed to improve the accuracy of intrusion detection. Some scholars also proposed intrusion detection algorithms based on hybrid deep learning models [17], [18], [19], [20], [21], but the hybrid model is relatively complex.
Analyses of the above intrusion detection algorithms reveal many shortcomings of conventional intrusion detection methods: shallow machine learning algorithms cannot solve complex problems, general deep learning algorithms are susceptible to the influence of parameters such as weights, and the hybrid model is relatively complex. To address these problems, this paper proposes an IE-DBN model for intrusion detection, in which the information entropy is employed to optimize the DBN network structure to determine the number of hidden neurons and the network depth.
The main contributions of this paper are as follows:
(1) Information gain (IG) is used to reduce the dimension of the feature data to preserve the feature attributes that contributed more to the results.
(2) The RError value is used to adjust the number of hidden layers to determine the network depth, that is, the model structure.
(3) Information entropy (IE) is used to optimize the number of nodes in the hidden layer to get the best number of nodes in the hidden layer.
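The information-gain ranking named in contribution (1), as an added example that is not the paper's code: it uses the standard definition IG(Y; X) = H(Y) − H(Y | X) and keeps the highest-scoring features. The field names, the connection records, and the equal-width binning of numeric columns are assumptions made here for illustration.

```python
import math
from collections import Counter, defaultdict

def entropy(labels):
    """Shannon entropy H(Y), in bits, of a list of class labels."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def equal_width_bins(values, bins=4):
    """Discretize a numeric column (assumed scheme); a constant column gets one bin."""
    lo, hi = min(values), max(values)
    if hi == lo:
        return [0] * len(values)
    width = (hi - lo) / bins
    return [min(int((v - lo) / width), bins - 1) for v in values]

def information_gain(column, labels):
    """IG(Y; X) = H(Y) - sum over x of p(x) * H(Y | X = x)."""
    if all(isinstance(v, (int, float)) for v in column):
        column = equal_width_bins(column)
    groups = defaultdict(list)
    for x, y in zip(column, labels):
        groups[x].append(y)
    n = len(labels)
    conditional = sum(len(g) / n * entropy(g) for g in groups.values())
    return entropy(labels) - conditional

def select_features(records, labels, names, keep):
    """Rank features by IG and return the `keep` best (name, gain) pairs."""
    scores = [(name, information_gain([r[i] for r in records], labels))
              for i, name in enumerate(names)]
    return sorted(scores, key=lambda s: s[1], reverse=True)[:keep]

# Constructed sample, one tuple per connection (hypothetical field names).
NAMES = ["protocol", "duration_s", "src_bytes", "wrong_fragment"]
RECORDS = [
    ("tcp", 2, 300, 0), ("tcp", 3, 250, 0), ("udp", 1, 120, 0), ("tcp", 5, 400, 0),
    ("icmp", 0, 1032, 0), ("icmp", 0, 1032, 0), ("tcp", 0, 0, 0), ("tcp", 0, 0, 0),
]
LABELS = ["normal"] * 4 + ["attack"] * 4

if __name__ == "__main__":
    for name, gain in select_features(RECORDS, LABELS, NAMES, keep=2):
        print(f"{name}: {gain:.3f} bits")
```

The constant `wrong_fragment` column scores zero gain and is dropped first, which is the behaviour a dimension-reduction step relies on for features that carry no class information.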
This paper is organized in five sections: Section 1 is the introduction, which states the research value, status quo, and existing problems of intrusion detection methods. Section 2 presents related work, introducing the application of the DBN model and information entropy in intrusion detection and proposing the research method of this article. Section 3 establishes the IE-DBN model. Section 4 gives the experimental results and analysis. Conclusion and further work are presented in Section 5.
Section snippets
Related work
At present, in the field of network security, the DBN algorithm and information entropy have become popular methods for intrusion detection. However, no scholar has combined the two for intrusion detection. In this paper, the number of hidden layer neurons and the depth of the DBN network are determined by information entropy, and the resulting IE-DBN model is applied to intrusion detection.
Information entropy optimization deep belief network model
In the present work, the DBN network structure is optimized by information entropy, which could preclude underfitting or overfitting, and effectively improve the learning efficiency and accuracy of the network. In this way, the model can better represent the input information.
Experiments
This paper proposes a DBN network model optimized by information entropy. As validated on the UCI machine learning data set [36], the model could improve the detection accuracy and reduce the false alarm rate. However, the imbalance of the UCI data set remains a problem: the sample size of a certain type is small and will result in a low detection accuracy of this type. Because of the imbalance of the data set, the SMOTE oversampling algorithm was used to treat the data set to improve the
Conclusion and further work
Due to the random initialization of weight parameters in the back-propagation process of the BP neural network model, the network is prone to local optimum and overfitting may occur. Under the condition of the same parameters, the training results may differ greatly. The DBN model has better robustness, adaptability, and stability when it carries out layer-by-layer unsupervised training on RBM. Increasing the number of layers in DBN can improve the calculation accuracy, but after increasing the
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
References (48)
- et al. A distributed real-time SlowDos attacks detection over encrypted traffic using artificial intelligence. J. Netw. Comput. Appl. (2021)
- et al. IGAN-IDS: An imbalanced generative adversarial network towards intrusion detection system in Ad-hoc networks. Ad Hoc Netw. (2020)
- et al. A kangaroo-based intrusion detection system on software-defined networks. Comput. Netw. (2021)
- et al. Cyber intrusion detection through association rule mining on multi-source logs. Appl. Intell. (2020)
- et al. Intrusion detection scheme based on semi-supervised learning and information gain rate. Comput. Res. Dev. (2017)
- J.V. Anand Sukumar, I. Pranav, M. Neetish, J. Narayanan, Network Intrusion Detection Using Improved Genetic k-means...
- et al. Performance analysis of intrusion detection systems using a feature selection method on the UNSW-NB15 dataset. J. Big Data (2020)
- et al. Analysis of intrusion detection in cyber-attacks using DEEP learning neural networks. Peer-To-Peer Netw. Appl. (2020)
- et al. On the combination of data augmentation method and gated convolution model for building effective and robust intrusion detection. Cybersecurity (2020)
- et al. Network intrusion detection method based on GAN-PSO-ELM. Comput. Eng. Appl. (2019)
- Application of machine learning in cyberspace security research. J. Comput.
- A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access
- Enhanced network anomaly detection based on deep neural networks. IEEE Access
- Intrusion detection using reduced-size RNN based on feature grouping. Neural Comput. Appl.
- Intrusion detection model based on deep belief network. J. Southeast Univ.
- Intrusion detection algorithm based on DBN-Kelm. Comput. Eng.
- On the hybridization of pre-trained deep learning and differential evolution algorithms for semantic crack detection and recognition in ensemble of infrastructures. Smart and Sustain. Built Environ.
- Design of hybrid intrusion detection model using information gain rate. Inf. Control
- A GPU-assisted NFV framework for intrusion detection system. Comput. Commun.
- An effective feature engineering for DNN using hybrid PCA-GWO for intrusion detection in IoMT architecture. Comput. Commun.
- An intrusion detection approach based on improved deep belief network. Appl. Intell.
- Intrusion detection of UAVs based on the deep belief network optimized by PSO. Sensors
- Developing a multi-level intrusion detection system using hybrid-DBN. J. Ambient Intell. Humaniz. Comput.
☆ This work is supported by the National Natural Science Foundation of China (61673319); Doctoral Research Start-up Fund of Weinan Normal University: Research on Digital Activation Technology of Cultural Relics (20RC15); Key Research and Development Projects of Science and Technology in Weinan (zdyf-jcyj-19_zsg, 2019-ZDYF-SFGG-59); Project of Weinan Normal University (21WX13, 20HX109); Weinan Normal University electronic information (computer technology) master degree program (18TSXK06).