TSDL: A Two-Stage Deep Learning Model for Efficient Network Intrusion Detection

Khan, Farrukh Aslam; Gumaei, Abdu; Derhab, Abdelouahid; Hussain, Amir

doi:10.1109/access.2019.2899721

Cited by 289 publications

(166 citation statements)

References 55 publications

Supporting

Mentioning

141

Contrasting

Unclassified

Order By: Relevance

“…For example, the "Protocol_type" feature of the NSL-KDD is a nominal feature with three values (UDP, TCP, and ICMP), by converting this attribute to a single numeric attribute using ordinal encoding, one is implicitly introducing an ordering over the nominal values which is a bad representation of the data, because it does not make sense to say TCP should be in between UDP and ICMP, and this may be misinterpreted by the algorithm and can have an unwanted effect on the IDS model. This mistake can be seen in some of the reviewed literature [14], [17], [18], [20]. A better solution to this is to use binary encoding or yet better, one-hot (dummy) encoding, that map each category to a vector that contains 1 and 0 denoting the presence or absence of the features' value.…”

Section: Data Encodingmentioning

confidence: 99%

“…BestFirst Forward search strategy is used in feature search with 5 consecutive non-improving nodes as the search stopping criteria, and accuracy as the evaluation measure. After performing the feature selection, twenty (20) and nineteen (19) features were the best optimal feature for UNSW-NB15 and NSL-KDD respectively and WEKA's supervised attribute Remove filter is used to collect the features subsets. Thus, two more datasets are derived bringing our total datasets to four: 2 complete datasets and 2 feature selected versions of UNSW-NB15 and NSL-KDD, description of the full datasets is available in [28] and [45] respectively, Table 4.3 below shows the selected optimal features of the datasets.…”

Section: Figure 41 -Dt Wrapper-based Fsmentioning

confidence: 99%

See 1 more Smart Citation

Effects of Feature Selection and Normalization on Network Intrusion Detection

Umar¹,

Chen²

2023

Preprint

View full text Add to dashboard Cite

<div><br></div><div><p> The rapid rise of cyberattacks and the gradual failing of traditional defense systems and approaches led to the use of Machine Learning (ML) techniques aiming to build more efficient and reliable Intrusion Detection Systems (IDSs). However, the advent of larger IDS datasets brought about negative impacts on the performance and computational time of ML-based IDSs. To overcome such issues, many researchers utilized data preprocessing techniques such as feature selection and normalization. While most of these researchers reported the success of these preprocessing techniques on a shallow level, very few studies are performed on their effects on a wider scale. Furthermore, the performance of an IDS model is subject to not only the preprocessing techniques used but also the dataset and the ML algorithm used, which most of the existing studies on preprocessing techniques give little emphasis on. Thus, this study provides an in-depth analysis of the effects of feature selection and normalization on various IDS models built using four separate IDS datasets and five different ML algorithms. Wrapper-based decision tree and min-max are used in feature selection and normalization respectively. The models are evaluated and compared using popular evaluation metrics in IDS. The study found normalization to be more important than feature selection in improving performance and computational time of models on both datasets, while feature selection on UNSW-NB15 failed to reduce models computational time, and in the case of models built using NSL-KDD, it decreases their performance. The study also reveals that, compared to the UNSW-NB15 dataset, the NSL-KDD dataset is less complex and unsuitable for building reliable modern-day IDS models. Furthermore, the best performance on both datasets is achieved by Random Forest with accuracy of 99.75% and 98.51% on NSL-KDD and UNSW-NB15 respectively. </p></div>

show abstract

Section: Data Encodingmentioning

confidence: 99%

Section: Figure 41 -Dt Wrapper-based Fsmentioning

confidence: 99%

Effects of Feature Selection and Normalization on Network Intrusion Detection

Umar¹,

Chen²

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…We have applied the evaluation metrics used in the majority of the current state-of-art. Khan et al [31] introduced accuracy, precision, recall, F-measure, and false-positive rate(FPR) as the most common metrics used in intrusion-detection systems. These metrics can be defined as follows:…”

Section: Evaluation Metrics For Idsmentioning

confidence: 99%

A Novel Hybrid IDS Based on Modified NSGAII-ANN and Random Forest

Golrang

Yayilgan

et al. 2020

Electronics

View full text Add to dashboard Cite

Machine-learning techniques have received popularity in the intrusion-detection systems in recent years. Moreover, the quality of datasets plays a crucial role in the development of a proper machine-learning approach. Therefore, an appropriate feature-selection method could be considered to be an influential factor in improving the quality of datasets, which leads to high-performance intrusion-detection systems. In this paper, a hybrid multi-objective approach is proposed to detect attacks in a network efficiently. Initially, a multi-objective genetic method (NSGAII), as well as an artificial neural network (ANN), are run simultaneously to extract feature subsets. We modified the NSGAII approach maintaining the diversity control in this evolutionary algorithm. Next, a Random Forest approach, as an ensemble method, is used to evaluate the efficiency of the feature subsets. Results of the experiments show that using the proposed framework leads to better outcomes, which could be considered to be promising results compared to the solutions found in the literature.

show abstract

“…Its advantage of automatically extracting highlevel abstract features helps to complete the classification of large-scale and complex network data. The application of deep learning in network intrusion detection has made some remarkable research results [17][18][19][20][21][22]. Li et al [17] proposed a network intrusion detection method based on deep learning.…”

Section: A Related Research On Deep Learning In Nidsmentioning

confidence: 99%

Network Intrusion Detection Based on Conditional Wasserstein Generative Adversarial Network and Cost-Sensitive Stacked Autoencoder

Zhang

Wang

et al. 2020

IEEE Access

View full text Add to dashboard Cite

In the field of intrusion detection, there is often a problem of data imbalance, and more and more unknown types of attacks make detection difficult. To resolve above issues, this paper proposes a network intrusion detection model called CWGAN-CSSAE, which combines improved conditional Wasserstein Generative Adversarial Network (CWGAN) and cost-sensitive stacked autoencoders (CSSAE). First of all, the CWGAN network that introduces gradient penalty and L2 regularization is used to generate specified minority attack samples to reduce the class imbalance of the training dataset. Secondly, the stacked autoencoder is used to intelligently extract the deep abstract features of the network data. Finally, a cost-sensitive loss function is constructed to give a large misclassification cost to a minority of attack samples. Thus, effective detection of network intrusion attacks can be realized. The experimental results based on KDDTest+, KDDTest-21, and UNSW-NB15 datasets show that the CWGAN-CSSAE network intrusion detection model improves the detection accuracy of minority attacks and unknown attacks. In addition, the method in this paper is compared with other existing intrusion detection methods, excellent results have been achieved in performance indicators such as accuracy and F1 score. The accuracy on the above datasets reached 90.34%, 80.78% and 93.27% respectively. The accuracy of U2R on the KDDTest+ and KDDTest-21 datasets both reached 42.50%. The accuracy of R2L on the KDDTest+ and KDDTest-21 datasets reached 54.39% and 52.51%, respectively. And the F1 score on the above datasets reached 91.01%, 87.18% and 93.99% respectively.

show abstract

TSDL: A Two-Stage Deep Learning Model for Efficient Network Intrusion Detection

Cited by 289 publications

References 55 publications

Effects of Feature Selection and Normalization on Network Intrusion Detection

Effects of Feature Selection and Normalization on Network Intrusion Detection

A Novel Hybrid IDS Based on Modified NSGAII-ANN and Random Forest

Network Intrusion Detection Based on Conditional Wasserstein Generative Adversarial Network and Cost-Sensitive Stacked Autoencoder

Contact Info

Product

Resources

About