Abstract
Digital assets face a variety of network security threats in the digital age. An intrusion detection system (IDS), a kind of security equipment that protects digital assets, is less efficient if its alerts are not timely and is useless if its accuracy cannot meet requirements. Therefore, this paper proposes an intrusion detection model that combines machine learning with deep learning. The model uses the k-means and random forest (RF) algorithms for binary classification, and distributed computing of these algorithms is implemented on the Spark platform to quickly classify normal events and attack events. Then, using a convolutional neural network (CNN), long short-term memory (LSTM), and other deep learning algorithms, the events judged as abnormal are further classified into different attack types. At this stage, adaptive synthetic sampling (ADASYN) is adopted to address the imbalanced dataset. The NSL-KDD and CIC-IDS2017 datasets are used to evaluate the performance of the proposed model. The experimental results show that the proposed model has better TPR for most attack events, faster data preprocessing speed, and potentially less training time. In particular, the accuracy of multi-target classification reaches as high as 85.24% on the NSL-KDD dataset and 99.91% on the CIC-IDS2017 dataset.
Highlights
The world is moving towards digitization, networking, and intelligence.
Proposed intrusion detection model: based on the ideas above, this paper considers using deep learning algorithms combined with machine learning algorithms to classify intrusion events.
TPR is the ratio of test-set samples labeled as attacks that are correctly predicted as attacks to all samples labeled as attacks.
Summary
The world is moving towards digitization, networking, and intelligence. The vigorous development of the internet has accelerated the flow of data assets. [Liu et al.: Hybrid IDS Based on Scalable K-Means+ RF and Deep Learning] neurons, can tap hidden intrusion features. Algorithms such as DNN [7], Convolutional Neural Network (CNN) [8], and Long Short-Term Memory (LSTM) [9] take too much time to train the model. Souza et al. [19] proposed a DNN-KNN hybrid binary classification method. In addition to these studies, there are combinations of distributed machine learning algorithms and deep learning algorithms. Ensuring the speed of intrusion detection without affecting the accuracy is an important problem that needs to be considered for future IDS models. Based on these studies, this paper considers improving the model so that different attack events can be classified more quickly, making the model more useful.
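The abstract names ADASYN as the remedy for class imbalance in the attack-type stage. The following is an added example, not code from the paper, of how ADASYN places more synthetic samples near minority points that border other classes. Assumptions: the feature values and the labels `u2r` and `dos` are constructed, every other class counts as the majority, and the balancing target is the size of the largest class.

```python
import math
import random

# Constructed sample: two scaled features per flow record; labels are illustrative.
X_DEMO = [[0.0, 0.0], [0.1, 0.0], [1.0, 1.0],                 # minority "u2r"
          [1.1, 1.0], [1.0, 1.1], [0.9, 1.0], [1.0, 0.9],
          [1.2, 1.2], [0.8, 0.8], [1.1, 1.1], [0.9, 0.9]]     # majority "dos"
Y_DEMO = ["u2r"] * 3 + ["dos"] * 8

def _nearest(pool, X, i, k):
    """Indices of the k points in pool closest to X[i], excluding i itself."""
    return sorted((j for j in pool if j != i), key=lambda j: math.dist(X[i], X[j]))[:k]

def adasyn(X, y, minority, k=3, beta=1.0, seed=0):
    """Return synthetic samples for the `minority` label (originals are not included)."""
    rng = random.Random(seed)
    everyone = range(len(X))
    mino = [i for i in everyone if y[i] == minority]
    largest = max(y.count(label) for label in set(y))
    # G: synthetic points to create; beta=1.0 aims at the size of the largest class.
    G = int((largest - len(mino)) * beta)
    # r_i: share of other-class points among the k nearest neighbours of x_i.
    r = [sum(y[j] != minority for j in _nearest(everyone, X, i, k)) / k for i in mino]
    total = sum(r)
    if G <= 0 or total == 0 or len(mino) < 2:
        return []  # balanced already, or no minority point borders another class
    synthetic = []
    for i, r_i in zip(mino, r):
        g_i = round(r_i / total * G)       # harder-to-learn points get more samples
        mates = _nearest(mino, X, i, k)    # interpolate only towards minority points
        for _ in range(g_i):
            z, lam = X[rng.choice(mates)], rng.random()
            synthetic.append([a + lam * (b - a) for a, b in zip(X[i], z)])
    return synthetic

if __name__ == "__main__":
    for point in adasyn(X_DEMO, Y_DEMO, "u2r"):
        print([round(v, 3) for v in point])
```

Because each per-point count is rounded, the number of samples returned can differ slightly from G (4 rather than 5 on the constructed data).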