Benchmarking Deep Learning Methods for Behaviour-Based Network Intrusion Detection

Antunes, Mário; Oliveira, Luís M. L.; Seguro, Afonso; Veríssimo, João; Salgado, Ruben; Murteira, Tiago

doi:10.3390/informatics9010029

Cited by 14 publications

(18 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is due to the high similarity of attack and benign patterns for this particular data file. In fact, even in this extreme case the results obtained with the nearest neighbor algorithm are comparable to the results reported using deep learning [20] (Convolutional Neural Networks (CNN), and Long Short-Term Memory (LSTM)), as shown in Table 3. The CNN and LSTM results show a better accuracy and precision, however the nearest neighbor method provides a much better F-measure and recall, showing that it deals better with such an unbalaced data set.…”

Section: Numerical Resultssupporting

confidence: 76%

“…for such a simple method. However, the results obtained with the other more complex methods, including deep learning neural networks also show a bad performance in the case of 03-01-2018.csv [1]- [20], with comparable values. This is due to the high similarity of attack and benign patterns for this particular data file.…”

Section: Numerical Resultsmentioning

confidence: 84%

“…The anomaly-based IDS uses machine learning techniques to detect anomalous traffic. This type of IDS usually has a higher false-positive rate, and the inconvenience of training a model, which in turn requires a good training data set [1]- [20].…”

Section: Introductionmentioning

confidence: 99%

“…Here we discuss the machine learning approach to building an anomaly-based IDS using the CSE-CIC-IDS2018 dataset [21]. Since its publication, the CSE-CIC-IDS2018 dataset has been frequently used to train IDS based on machine learning methods, and it has been adopted as a benchmark for anomaly-based IDS implementations [1]- [20] 1 . Interestingly, most of these implementations are based on complex solutions like deep learning neural networks, random forest and gradient boosting classifiers, or hidden Markov models.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Attack vs Benign Network Intrusion Traffic Classification

Andrecut¹

2022

Preprint

View full text Add to dashboard Cite

Intrusion detection systems (IDS) are used to monitor networks or systems for attack activity or policy violations. Such a system should be able to successfully identify anomalous deviations from normal traffic behavior. Here we discuss the machine learning approach to building an anomaly-based IDS using the CSE-CIC-IDS2018 dataset. Since the publication of this dataset a relatively large number of papers have been published, most of them presenting IDS architectures and results based on complex machine learning methods, like deep neural networks, gradient boosting classifiers, or hidden Markov models. Here we show that similar results can be obtained using a very simple nearest neighbor classification approach, avoiding the inherent complications of training such complex models. The advantages of the nearest neighbor algorithm are: (1) it is very simple to implement; (2) it is extremely robust; (3) it has no parameters, and therefore it cannot overfit the data. This result also shows that currently there is a trend of developing over-engineered solutions in the machine learning community. Such solutions are based on complex methods, like deep learning neural networks, without even considering baseline solutions corresponding to simple, but efficient methods.

show abstract

Section: Numerical Resultssupporting

confidence: 76%

Section: Numerical Resultsmentioning

confidence: 84%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Attack vs Benign Network Intrusion Traffic Classification

Andrecut¹

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…As a result, the present focus of this thesis is to create a network-based IDS that can identify attacks in a big, high-speed, high-volume venture network. Research by Antunes et al [37] offer a scenario in which an attacker attacks a specific system without authorization while avoiding harming other networks with the necessity to look for, and send hidden and sensitive data. Experts can carry out such an assault to conceal the entire attack and avoid detection.…”

Section: Referencementioning

confidence: 99%

A tree growth based forward feature selection algorithm for intrusion detection system on convolutional neural network

Ramasamy

Eric²

2023

Bulletin EEI

View full text Add to dashboard Cite

With the rapid advancement of networking technologies, security system has become increasingly important to academics from several sectors. Intrusion detection (ID) provides a valuable protection by reducing the human resources required to keep an eye on intruders, improving the efficiency of detecting the various attacks in networks. Machine learning and deep learning are two key areas that have recently received a lot of attention, with a focus on improving the precision of detection classifiers. Using defense anvance research project agency (DARPA”98) datasets, a number of academics and research have developed intrusion detection systems. This paper discusses various approaches developed by different researchers, including scale-hybrid-IDS-AlertNet (SHIA), forward feature selection algorithm (FFSA), modified- mutual information feature selection (MMIFS), deep neural network (DNN), and the holes that remain to be filled, highlighting areas where these procedures can be improved, also are addressed and the proposed approach improved deep convolutional neural network (IDCNN) is compared with existing approach.

show abstract