Multi-Channel Deep Feature Learning for Intrusion Detection
Networks had an increasing impact on modern life since network cybersecurity has become an important research field. Several machine learning techniques have been developed to build network intrusion detection systems for correctly detecting unforeseen cyber-attacks at the network-level. For example...
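Main Authors: | Giuseppina Andresini, Annalisa Appice, Nicola Di Mauro, Corrado Loglisci, Donato Malerba |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2020-01-01 |
Series: | IEEE Access |
Subjects: | Cybersecurity, intrusion detection, machine learning, computer security |
Online Access: | https://ieeexplore.ieee.org/document/9036935/ |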
id | doaj-db3e205e96694dc18cca8c8e02ed7166 |
---|---|
record_format | Article |
spelling | doaj-db3e205e96694dc18cca8c8e02ed7166; 2021-03-30T01:21:42Z; eng; IEEE; IEEE Access; 2169-3536; 2020-01-01; 8; 53346; 53359; 10.1109/ACCESS.2020.2980937; 9036935; Multi-Channel Deep Feature Learning for Intrusion Detection; Giuseppina Andresini (https://orcid.org/0000-0002-5272-644X); Annalisa Appice (https://orcid.org/0000-0001-9840-844X); Nicola Di Mauro (https://orcid.org/0000-0002-5858-1931); Corrado Loglisci (https://orcid.org/0000-0001-5790-8368); Donato Malerba (https://orcid.org/0000-0001-8432-4608); Department of Computer Science, University of Bari Aldo Moro, Bari, Italy (given for each of the five authors); https://ieeexplore.ieee.org/document/9036935/; Cybersecurity; intrusion detection; machine learning; computer security |
collection | DOAJ |
language | English |
format | Article |
sources | DOAJ |
author | Giuseppina Andresini, Annalisa Appice, Nicola Di Mauro, Corrado Loglisci, Donato Malerba |
title | Multi-Channel Deep Feature Learning for Intrusion Detection |
publisher | IEEE |
series | IEEE Access |
issn | 2169-3536 |
publishDate | 2020-01-01 |
description | Networks had an increasing impact on modern life since network cybersecurity has become an important research field. Several machine learning techniques have been developed to build network intrusion detection systems for correctly detecting unforeseen cyber-attacks at the network-level. For example, deep artificial neural network architectures have recently achieved state-of-the-art results. In this paper a novel deep neural network architecture is defined, in order to learn flexible and effective intrusion detection models, by combining an unsupervised stage for multi-channel feature learning with a supervised one exploiting feature dependencies on cross channels. The aim is to investigate whether class-specific features of the network flows could be learned and added to the original ones in order to increase the model accuracy. In particular, in the unsupervised stage, two autoencoders are separately learned on normal and attack flows, respectively. As the top layer in the decoder of these autoencoders reconstructs samples in the same space as the input one, they could be used to define two new feature vectors allowing the representation of each network flow as a multi-channel sample. In the supervised stage, a multi-channel parametric convolution is adopted, in order to learn the effect of each channel on the others. In particular, as the samples belong to two different distributions (normal and attack flows), the samples labelled as normal should be more similar to the representation reconstructed with the normal autoencoder than that of the attack one, and vice versa. This expected dependency will be exploited to better disentangle the differences between normal and attack flows. The proposed neural network architecture leads to better predictive accuracy when compared to competitive intrusion detection architectures on three benchmark datasets. |
topic | Cybersecurity, intrusion detection, machine learning, computer security |
url | https://ieeexplore.ieee.org/document/9036935/ |