Network intrusion detection using multi-architectural modular deep neural network



Ramin Atefinia1 · Mahmood Ahmadi1

© Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract

The exponential growth of computer networks and the adoption of new network-based technologies have made computer security an important challenge. With the emergence of new internet-connected devices, the attack surface available to cyber intruders is increasing. Many intrusion detection systems attempt to detect known attacks using signatures in network traffic. In recent years, researchers have used several machine learning techniques to detect network attacks without relying on these signatures. These techniques generally suffer from a high false-positive rate, which is not acceptable for an industry-ready intrusion detection product. In this paper, we propose a multi-architectural modular deep neural network model to decrease the false-positive rate of anomaly-based intrusion detection systems. Our model consists of a feedforward module, a module made of a stack of restricted Boltzmann machines, and two recurrent modules; the output weights of these modules are fed to an aggregator module to produce the answer of the model. The experiments are performed using the CSE-CICIDS2018 dataset, and the final models can be used in an IDS for generating alerts or preventing new attacks. The experimental results show improvement in the detection of some types of network attacks, with accuracy as high as 100% for network-level attacks compared to related works.

Keywords: Intrusion detection · Artificial neural networks · Cyber security

* Mahmood Ahmadi · Ramin Atefinia

1 Computer Engineering and Information Technology Department, Razi University, Kermanshah, Iran


1 Introduction

Computer and information security is a growing problem. In the past 20 years, intrusion techniques as well as security protections have advanced rapidly. Although cyberattacks have evolved using new techniques, most organizations are still using the old generation of cybersecurity measures. These new attacks can bypass the static defense methods used by today’s organizations. Governments today hold valuable information on web servers, including sensitive data related to every citizen. This makes web servers a popular target for intruders.

An Intrusion Detection System (IDS) is a security software/hardware system that alerts administrators when suspicious activity is discovered in networks or computers. Some systems can also attempt to stop intrusions and block potential threats; these systems are called Intrusion Prevention Systems (IPS), but organizations should consider that an IPS can block legitimate activity due to false positives.

In terms of scope, an IDS can be classified as network-based, host-based, or hybrid. A host-based IDS (HIDS) monitors and analyzes the internals of a computer, such as operating system audit records, application logs, and key system files, for suspicious a