Attack classification of an intrusion detection system using deep learning and hyperparameter optimization

Published on May 1, 2021
· DOI :10.1016/J.JISA.2021.102804
Yesi Novaria Kunang4
Estimated H-index: 4
(Sriwijaya University),
Siti Nurmaini10
Estimated H-index: 10
(Sriwijaya University)
+ 1 AuthorsBhakti Yudho Suprapto4
Estimated H-index: 4
Abstract A network intrusion detection system (NIDS) is a solution that mitigates the threat of attacks on a network. The success of a NIDS depends on the success of its algorithm and the performance of its method in recognizing attacks. We propose a deep learning intrusion detection system (IDS) using a pretraining approach with deep autoencoder (PTDAE) combined with a deep neural network (DNN). Models were developed using hyperparameter optimization procedures. This research provides an alternative solution to deep learning structure models through an automatic hyperparameter optimization process that combines grid search and random search techniques. The automated hyperparameter optimization process helps determine the value of hyperparameters and the best categorical hyperparameter configuration to improve detection performance. The proposed model was tested on the NSL-KDD, and CSE-CIC-ID2018 datasets. In the pretraining phase, we present the results of applying our technique to three feature extraction methods: deep autoencoder (DAE), autoencoder (AE), and stack autoencoder (SAE). The best results are obtained for the DAE method. These performance results also successfully outperform previous approaches in terms of performance metrics in multiclass classification.
📖 Papers frequently viewed together
20183.75IEEE Access
104 Citations
3 Authors (Prabhav Gupta, ..., Nihal Reddy)
2019ICCAD: International Conference on Computer Aided Design
1 Citations
#1Manuel Lopez-Martin (University of Valladolid)H-Index: 7
#2Belen Carro (University of Valladolid)H-Index: 18
Last. Antonio Sánchez-Esguevillas (University of Valladolid)H-Index: 18
view all 3 authors...
Abstract The application of new techniques to increase the performance of intrusion detection systems is crucial in modern data networks with a growing threat of cyber-attacks. These attacks impose a greater risk on network services that are increasingly important from a social end economical point of view. In this work we present a novel application of several deep reinforcement learning (DRL) algorithms to intrusion detection using a labeled dataset. We present how to perform supervised learni...
51 CitationsSource
#1Wenbin YuH-Index: 1
#2Yiyin WangH-Index: 1
Last. Lei SongH-Index: 2
view all 3 authors...
Standard Ethernet (IEEE 802.3 and the TCP/IP protocol suite) is gradually applied in industrial control system (ICS) with the development of information technology. It breaks the natural isolation of ICS, but contains no security mechanisms. An improved intrusion detection system (IDS), which is strongly correlated to specific industrial scenarios, is necessary for modern ICS. On one hand, this paper outlines three kinds of attack models, including infiltration attacks, creative forging attacks,...
4 CitationsSource
#1Youngjun Yoo (POSTECH: Pohang University of Science and Technology)H-Index: 4
Abstract This paper proposes a method to find the hyperparameter tuning for a deep neural network by using a univariate dynamic encoding algorithm for searches. Optimizing hyperparameters for such a neural network is difficult because the neural network that has several parameters to configure; furthermore, the training speed for such a network is slow. The proposed method was tested for two neural network models; an autoencoder and a convolution neural network with the Modified National Institu...
25 CitationsSource
#1Hadi S. Jomaa (University of Hildesheim)H-Index: 4
#2Josif Grabocka (University of Hildesheim)H-Index: 13
Last. Lars Schmidt-Thieme (University of Hildesheim)H-Index: 39
view all 3 authors...
Hyperparameter tuning is an omnipresent problem in machine learning as it is an integral aspect of obtaining the state-of-the-art performance for any model. Most often, hyperparameters are optimized just by training a model on a grid of possible hyperparameter values and taking the one that performs best on a validation sample (grid search). More recently, methods have been introduced that build a so-called surrogate model that predicts the validation loss for a specific hyperparameter setting, ...
13 Citations
#1Peng Lin (CAS: Chinese Academy of Sciences)H-Index: 2
#2Kejiang Ye (CAS: Chinese Academy of Sciences)H-Index: 15
Last. Cheng-Zhong Xu (UM: University of Macau)H-Index: 60
view all 3 authors...
The Internet and computer networks are currently suffering from serious security threats. Those threats often keep changing and will evolve to new unknown variants. In order to maintain the security of network, we design and implement a dynamic network anomaly detection system using deep learning methods. We use Long Short Term Memory (LSTM) to build a deep neural network model and add an Attention Mechanism (AM) to enhance the performance of the model. The SMOTE algorithm and an improved loss f...
23 CitationsSource
Jun 12, 2019 in IWANN (International Work-Conference on Artificial and Natural Neural Networks)
#1José F. Torres (Pablo de Olavide University)H-Index: 10
#2David Gutiérrez-Avilés (Pablo de Olavide University)H-Index: 7
Last. Francisco Martínez-Álvarez (Pablo de Olavide University)H-Index: 26
view all 4 authors...
In this paper, we introduce a deep learning approach, based on feed-forward neural networks, for big data time series forecasting with arbitrary prediction horizons. We firstly propose a random search to tune the multiple hyper-parameters involved in the method performance. There is a twofold objective for this search: firstly, to improve the forecasts and, secondly, to decrease the learning time. Next, we propose a procedure based on moving averages to smooth the predictions obtained by the dif...
12 CitationsSource
#1V. KanimozhiH-Index: 1
#2T. Prem JacobH-Index: 10
Abstract One of the latest emerging technologies is artificial intelligence, which makes the machine mimic human behaviour. The most important component used to detect cyber attacks or malicious activities is the intrusion detection system (IDS). Artificial intelligence plays a vital role in detecting intrusions and widely considered as the better way in adapting and building IDS. In modern days, neural network algorithms are emerging as a new artificial intelligence technique that can be applie...
32 CitationsSource
#1R. Vinayakumar (Amrita Vishwa Vidyapeetham)H-Index: 24
#2Mamoun Alazab (CDU: Charles Darwin University)H-Index: 32
Last. Sitalakshmi VenkatramanH-Index: 16
view all 6 authors...
Machine learning techniques are being widely used to develop an intrusion detection system (IDS) for detecting and classifying cyberattacks at the network-level and the host-level in a timely and automatic manner. However, many challenges arise since malicious attacks are continually changing and are occurring in very large volumes requiring a scalable solution. There are different malware datasets available publicly for further research by cyber security community. However, no existing study ha...
258 CitationsSource
#1Deris StiawanH-Index: 9
#2Mohammad Yazid Bin Idris (UTM: Universiti Teknologi Malaysia)H-Index: 4
Last. Rahmat Budiarto (Al Baha University)H-Index: 13
view all 6 authors...
Internet of Things (IoT) devices may transfer data to the gateway/application server through File Transfer Protocol (FTP) transaction. Unfortunately, in terms of security, the FTP server at a gateway or data sink very often is improperly set up. At the same time, password matching/theft holding is among the popular attacks as the intruders attack the IoT network. Thus, this paper attempts to provide an insight of this type of attack with the main aim of coming up with attack patterns that may he...
17 CitationsSource
#1Riyaz Ahamed Ariyaluran Habeeb (Information Technology University)H-Index: 4
#2Fariza Hanum Nasaruddin (Information Technology University)H-Index: 8
Last. Muhammad Imran (KSU: King Saud University)H-Index: 101
view all 6 authors...
Abstract The advent of connected devices and omnipresence of Internet have paved way for intruders to attack networks, which leads to cyber-attack, financial loss, information theft in healthcare, and cyber war. Hence, network security analytics has become an important area of concern and has gained intensive attention among researchers, off late, specifically in the domain of anomaly detection in network, which is considered crucial for network security. However, preliminary investigations have...
108 CitationsSource
Cited By4
#1Mohit Nagpal (Panjab University, Chandigarh)
#2Manisha Kaushal (Thapar University)
Last. Akashdeep Sharma (Panjab University, Chandigarh)H-Index: 5
view all 3 authors...
The swift proliferation in traffic across computer networks has led to certain types of attacks and intrusions, raising a serious global concern of information security. Attack detection is possible by monitoring and observing occurrences in intrusion detection systems, however these systems tend to suffer from problem of curse of dimensionality, high false alarm rate, high time complexity and low detections. In order to overcome these limitations, we propose a feature reduced intrusion detectio...
view all 3 authors...
The tremendous number of Internet of Things (IoT) applications, with their ubiquity, has provided us with unprecedented productivity and simplified our daily life. At the same time, the insecurity of these technologies ensures that our daily lives are surrounded by vulnerable computers, allowing for the launch of multiple attacks via large-scale botnets through the IoT. These attacks have been successful in achieving their heinous objectives. A strong identification strategy is essential to keep...
#1Imtiaz Ullah (UOIT: University of Ontario Institute of Technology)H-Index: 6
#2Qusay H. Mahmoud (UOIT: University of Ontario Institute of Technology)H-Index: 25
In recent years, the security industry has seen an exponential increase in cyber-attacks. These attacks have been effective in accomplishing their despicable goals. A secure network needs a robust intrusion detection scheme. Traditional machine learning approaches seem to be inefficient in the face of dynamic communication networks and various intrusion techniques. They cannot satisfy the criteria of the modern network context. Deep learning is important in the field of network security. The dee...
2 CitationsSource
#1Qian Wang (Yanshan University)
#2Wenfang Zhao (Yanshan University)
Last. Jia-Dong Ren (Yanshan University)H-Index: 1
view all 3 authors...