With the continuous development of network technology, cyberattack detection mechanisms play a vital role in ensuring the security of computers and network systems. However, with the rapid growth of network traffic, traditional intrusion detection systems (IDSs) are far from being able to quickly and accurately identify complex and diverse network attacks, especially those related to low-frequency attacks. To enhance the overall security of the Internet, an IDS based on hierarchical long short-term memory (HLSTM) networks is proposed. With the introduction of HLSTM, the network can learn across multiple levels of temporal hierarchy over complex network traffic sequences. The system is evaluated on the well-known benchmark data set NSL-KDD for comparison with other existing methods. The experimental results demonstrate that compared with existing state-of-the-art methods, our system has better detection performance for different types of cyberattacks. In addition, the low-frequency network attack types have higher classification accuracy and a lower false detection rate.
Artificial intelligence-assisted security is an important field of research in relation to information security. One of the most important tasks is to distinguish between normal and abnormal network traffic (such as malicious or sudden traffic). Traffic data are usually extremely unbalanced, and this seriously hinders the detection of outliers. Therefore, the identification of outliers in unbalanced datasets has become a key issue. To help solve this challenge, there is increasing interest in focusing on one-class classification methods that train models based on the samples of a single given class. In this paper, long short-term memory (LSTM) is introduced into one-class classification, and one-class LSTM (OC-LSTM) is proposed based on the traditional one-class support vector machine (OC-SVM). In contrast with other hybrid deep learning methods based on auto-encoders, the proposed method is an end-to-end training network that uses a loss function such as the OC-SVM optimization objective for model training. A comprehensive experiment on three large complex network traffic datasets showed that this method is superior to the traditional shallow method and the most advanced deep method. Furthermore, the proposed method can provide an effective reference for anomaly detection research in the field of network security, especially for the application of one-class classification.