Enhanced Network Anomaly Detection Based on Deep Neural Networks

Enhanced Network Anomaly Detection Based on Deep Neural Networks

Due to the monumental growth of Internet applications in the last decade, the need for security of information network has increased manifolds. As a primary defense of network infrastructure, an intrusion detection system is expected to adapt to dynamically changing threat landscape. Many supervised...

Full description

Bibliographic Details
Main Authors: Sheraz Naseer, Yasir Saleem, Shehzad Khalid, Muhammad Khawar Bashir, Jihun Han, Muhammad Munwar Iqbal, Kijun Han
Format: Article
Language:English
Published: IEEE 2018-01-01
Series:IEEE Access
Subjects:
Deep learning
convolutional neural networks
autoencoders
LSTM
k_NN
decision_tree
Online Access:https://ieeexplore.ieee.org/document/8438865/
id doaj-af5244cdcf694fd49f234a24983b0e75
record_format Article
spelling doaj-af5244cdcf694fd49f234a24983b0e752021-03-29T21:12:18ZengIEEEIEEE Access2169-35362018-01-016482314824610.1109/ACCESS.2018.28630368438865Enhanced Network Anomaly Detection Based on Deep Neural NetworksSheraz Naseer0Yasir Saleem1Shehzad Khalid2Muhammad Khawar Bashir3Jihun Han4Muhammad Munwar Iqbal5https://orcid.org/0000-0001-7212-1408Kijun Han6Department of Computer Science & Engineering, University of Engineering and Technology, Lahore, PakistanDepartment of Computer Science & Engineering, University of Engineering and Technology, Lahore, PakistanDepartment of Computer Engineering, Bahria University, Islamabad, PakistanDepartment of Computer Science & Engineering, University of Engineering and Technology, Lahore, PakistanSchool of Computer Science and Engineering, Kyungpook National University, Daegu, South KoreaDepartment of Computer Science, University of Engineering and Technology, Taxila, PakistanSchool of Computer Science and Engineering, Kyungpook National University, Daegu, South KoreaDue to the monumental growth of Internet applications in the last decade, the need for security of information network has increased manifolds. As a primary defense of network infrastructure, an intrusion detection system is expected to adapt to dynamically changing threat landscape. Many supervised and unsupervised techniques have been devised by researchers from the discipline of machine learning and data mining to achieve reliable detection of anomalies. Deep learning is an area of machine learning which applies neuron-like structure for learning tasks. Deep learning has profoundly changed the way we approach learning tasks by delivering monumental progress in different disciplines like speech processing, computer vision, and natural language processing to name a few. It is only relevant that this new technology must be investigated for information security applications. The aim of this paper is to investigate the suitability of deep learning approaches for anomaly-based intrusion detection system. For this research, we developed anomaly detection models based on different deep neural network structures, including convolutional neural networks, autoencoders, and recurrent neural networks. These deep models were trained on NSLKDD training data set and evaluated on both test data sets provided by NSLKDD, namely NSLKDDTest+ and NSLKDDTest21. All experiments in this paper are performed by authors on a GPU-based test bed. Conventional machine learning-based intrusion detection models were implemented using well-known classification techniques, including extreme learning machine, nearest neighbor, decision-tree, random-forest, support vector machine, naive-bays, and quadratic discriminant analysis. Both deep and conventional machine learning models were evaluated using well-known classification metrics, including receiver operating characteristics, area under curve, precision-recall curve, mean average precision and accuracy of classification. Experimental results of deep IDS models showed promising results for real-world application in anomaly detection systems.https://ieeexplore.ieee.org/document/8438865/Deep learningconvolutional neural networksautoencodersLSTMk_NNdecision_tree
collection DOAJ
language English
format Article
sources DOAJ
author Sheraz Naseer
Yasir Saleem
Shehzad Khalid
Muhammad Khawar Bashir
Jihun Han
Muhammad Munwar Iqbal
Kijun Han
spellingShingle Sheraz Naseer
Yasir Saleem
Shehzad Khalid
Muhammad Khawar Bashir
Jihun Han
Muhammad Munwar Iqbal
Kijun Han
Enhanced Network Anomaly Detection Based on Deep Neural Networks
IEEE Access
Deep learning
convolutional neural networks
autoencoders
LSTM
k_NN
decision_tree
author_facet Sheraz Naseer
Yasir Saleem
Shehzad Khalid
Muhammad Khawar Bashir
Jihun Han
Muhammad Munwar Iqbal
Kijun Han
author_sort Sheraz Naseer
title Enhanced Network Anomaly Detection Based on Deep Neural Networks
title_short Enhanced Network Anomaly Detection Based on Deep Neural Networks
title_full Enhanced Network Anomaly Detection Based on Deep Neural Networks
title_fullStr Enhanced Network Anomaly Detection Based on Deep Neural Networks
title_full_unstemmed Enhanced Network Anomaly Detection Based on Deep Neural Networks
title_sort enhanced network anomaly detection based on deep neural networks
publisher IEEE
series IEEE Access
issn 2169-3536
publishDate 2018-01-01
description Due to the monumental growth of Internet applications in the last decade, the need for security of information network has increased manifolds. As a primary defense of network infrastructure, an intrusion detection system is expected to adapt to dynamically changing threat landscape. Many supervised and unsupervised techniques have been devised by researchers from the discipline of machine learning and data mining to achieve reliable detection of anomalies. Deep learning is an area of machine learning which applies neuron-like structure for learning tasks. Deep learning has profoundly changed the way we approach learning tasks by delivering monumental progress in different disciplines like speech processing, computer vision, and natural language processing to name a few. It is only relevant that this new technology must be investigated for information security applications. The aim of this paper is to investigate the suitability of deep learning approaches for anomaly-based intrusion detection system. For this research, we developed anomaly detection models based on different deep neural network structures, including convolutional neural networks, autoencoders, and recurrent neural networks. These deep models were trained on NSLKDD training data set and evaluated on both test data sets provided by NSLKDD, namely NSLKDDTest+ and NSLKDDTest21. All experiments in this paper are performed by authors on a GPU-based test bed. Conventional machine learning-based intrusion detection models were implemented using well-known classification techniques, including extreme learning machine, nearest neighbor, decision-tree, random-forest, support vector machine, naive-bays, and quadratic discriminant analysis. Both deep and conventional machine learning models were evaluated using well-known classification metrics, including receiver operating characteristics, area under curve, precision-recall curve, mean average precision and accuracy of classification. Experimental results of deep IDS models showed promising results for real-world application in anomaly detection systems.
topic Deep learning
convolutional neural networks
autoencoders
LSTM
k_NN
decision_tree
url https://ieeexplore.ieee.org/document/8438865/
work_keys_str_mv AT sheraznaseer enhancednetworkanomalydetectionbasedondeepneuralnetworks
AT yasirsaleem enhancednetworkanomalydetectionbasedondeepneuralnetworks
AT shehzadkhalid enhancednetworkanomalydetectionbasedondeepneuralnetworks
AT muhammadkhawarbashir enhancednetworkanomalydetectionbasedondeepneuralnetworks
AT jihunhan enhancednetworkanomalydetectionbasedondeepneuralnetworks
AT muhammadmunwariqbal enhancednetworkanomalydetectionbasedondeepneuralnetworks
AT kijunhan enhancednetworkanomalydetectionbasedondeepneuralnetworks
_version_ 1724193334538272768

Similar Items