A Deep Learning Model for Network Intrusion Detection with Imbalanced Data

Yanfang Fu,Yishuai Du,Wei Xiang,Qiang Li,Zijian Cao

doi:10.3390/electronics11060898

Yanfang Fu, Yishuai Du + Show 3 more

Open Access

https://doi.org/10.3390/electronics11060898

Copy DOI

Journal: Electronics	Publication Date: Mar 14, 2022
Citations: 77	License type: CC BY 4.0

Affiliation: Xi'an Technological University

Abstract

With an increase in the number and types of network attacks, traditional firewalls and data encryption methods can no longer meet the needs of current network security. As a result, intrusion detection systems have been proposed to deal with network threats. The current mainstream intrusion detection algorithms are aided with machine learning but have problems of low detection rates and the need for extensive feature engineering. To address the issue of low detection accuracy, this paper proposes a model for traffic anomaly detection named a deep learning model for network intrusion detection (DLNID), which combines an attention mechanism and the bidirectional long short-term memory (Bi-LSTM) network, first extracting sequence features of data traffic through a convolutional neural network (CNN) network, then reassigning the weights of each channel through the attention mechanism, and finally using Bi-LSTM to learn the network of sequence features. In intrusion detection public data sets, there are serious imbalance data generally. To address data imbalance issues, this paper employs the method of adaptive synthetic sampling (ADASYN) for sample expansion of minority class samples, to eventually form a relatively symmetric dataset, and uses a modified stacked autoencoder for data dimensionality reduction with the objective of enhancing information fusion. DLNID is an end-to-end model, so it does not need to undergo the process of manual feature extraction. After being tested on the public benchmark dataset on network intrusion detection NSL-KDD, experimental results show that the accuracy and F1 score of this model are better than those of other comparison methods, reaching 90.73% and 89.65%, respectively.

Highlights

With the rapid development of computer and communications networks, Internet technology has provided more convenient services to people around the world than ever before
Since each dimension has the probability of being discarded, the information set of each dimension is more comprehensive than tdhiastcaorbdteadi,ntehde binyfotrramdaittiioonnsaeltaouftoeaecnhcoddimerenasfitoenr disimmoenresicoonmaplirteyherendsiuvcettihoann, tthhuatsofba-cilitating tained by traditional autoencoder after dimensionality reduction, facilitating model mleoadrneilnlge.aBransiendg.oBnatsheedaobnovteheidaebaso,vweeidperaosp,owseedparosptaockseedd aensctoadcekredstreuncctuordeerwsitthruicnt-ure with incrceraesaesdeddrdoprooupto,uast,sahsowshnoiwn nFiignurFeig2u. re 2
Long short-term memory (LSTM) [21,22] introduces storage cells and cell states to overcome the long-term dependency problem that exists in recurrent neural networks (RNNs) [23]