Abstract

Traditional machine learning-based intrusion detection often relies on a single algorithm to identify intrusion data, which leaves it inflexible, gives a low detection rate, and handles high-dimensional data poorly. To improve the performance of intrusion detection systems, this paper proposes a novel general intrusion detection framework consisting of five parts: a preprocessing module, an autoencoder module, a database module, a classification module, and a feedback module. The data processed by the preprocessing module are compressed by the autoencoder module to obtain a lower-dimensional reconstruction feature, and the classification result is obtained through the classification module. The compressed features of each traffic flow are stored in the database module, which can both provide retraining and testing data for the classification module and restore these features to the original traffic for post-event analysis and forensics. To evaluate the performance of the proposed framework, simulations were conducted using the CICIDS2017 dataset to represent real network traffic. In the experimental results, the accuracy of binary classification and multiclass classification is better than in previous work, and a high level of accuracy was reached for the restored traffic. Finally, the possibility of applying the proposed framework to edge/fog networks is discussed.

Highlights

  • We propose a novel intrusion detection framework that can solve the above problems, which consists of five parts: preprocessing module, autoencoder module, database module, classification module, and feedback module. The preprocessed data are compressed by the Sparse Autoencoder (SAE) model of the AE module to obtain a lower-dimensional reconstruction feature, and the classification result is obtained through the classification module. The compressed features of each traffic flow are stored in the database of the database module, which we call the feature library. This library can provide retraining and testing data for the classification module and can restore these features to the original traffic for post-event analysis and forensics.

  • We used the results of the evaluation metrics in the classification module, the administrator’s analysis of the machine output for status, and alarm information to determine whether the classifier needs to be updated.

  • Classification performance is a core function of an intrusion detection system (IDS); we focus on evaluating classification performance and the experimental validation of our proposed approach.
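The data flow described in these highlights (compress, store in the feature library, classify from the stored codes, restore for forensics, decide on retraining) can be traced end to end in a small added example; it is not the paper's code. The six-feature flows are constructed, and the L1 sparsity penalty, the nearest-centroid classifier and the 0.95 retraining threshold are assumptions, since the page does not give the paper's SAE architecture, classifier or update criteria.

```python
import math, random
BENIGN = [0.1, 0.2, 0.1, 0.9, 0.8, 0.1]  # constructed, already-scaled flow profiles
ATTACK = [0.9, 0.8, 0.9, 0.1, 0.1, 0.9]

def make_flows(n, seed):  # n noisy flows per class, each with its label
    rnd = random.Random(seed)
    return [([v + rnd.uniform(-.05, .05) for v in base], lab)
            for _ in range(n) for base, lab in ((BENIGN, "benign"), (ATTACK, "attack"))]

def encode(W1, x):  # sigmoid hidden layer: the compressed feature
    return [1 / (1 + math.exp(-sum(w * v for w, v in zip(r, x)))) for r in W1]
def decode(W2, h):  # linear decoder: restores the preprocessed features
    return [sum(w * v for w, v in zip(r, h)) for r in W2]

def mse(W1, W2, X):
    return sum((y - v) ** 2 for x in X
               for y, v in zip(decode(W2, encode(W1, x)), x)) / (len(X) * len(X[0]))

def train(W1, W2, X, epochs=300, lr=0.05, l1=1e-3):
    for _ in range(epochs):  # SGD on squared error plus an L1 penalty on the code
        for x in X:
            h = encode(W1, x)
            err = [y - v for y, v in zip(decode(W2, h), x)]
            gh = [sum(e * r[j] for e, r in zip(err, W2)) + l1 for j in range(len(h))]
            for e, r in zip(err, W2):
                r[:] = [w - lr * e * hj for w, hj in zip(r, h)]
            for j, r in enumerate(W1):
                g = gh[j] * h[j] * (1 - h[j])
                r[:] = [w - lr * g * v for w, v in zip(r, x)]

def classify(library, code):  # nearest class centroid over the stored codes
    def dist(lab):
        rows = [c for c, t in library.values() if t == lab]
        cent = [sum(col) / len(rows) for col in zip(*rows)]
        return sum((a - b) ** 2 for a, b in zip(cent, code))
    return min({t for _, t in library.values()}, key=dist)

def needs_retrain(accuracy, threshold=0.95):  # metric part of the feedback module
    return accuracy < threshold

def run(d=6, k=3):
    rnd = random.Random(0)
    W1 = [[rnd.uniform(-.5, .5) for _ in range(d)] for _ in range(k)]
    W2 = [[rnd.uniform(-.5, .5) for _ in range(k)] for _ in range(d)]
    train_set, test_set = make_flows(30, 1), make_flows(10, 2)
    X = [x for x, _ in train_set]
    train(W1, W2, X)
    library = {i: (encode(W1, x), lab) for i, (x, lab) in enumerate(train_set)}
    acc = sum(classify(library, encode(W1, x)) == lab for x, lab in test_set) / len(test_set)
    return mse(W1, W2, X), acc, needs_retrain(acc), decode(W2, library[0][0])
```

`run()` returns the reconstruction error, the test accuracy, the retraining decision and one flow restored from its stored three-value code; only the codes and the decoder weights are needed for that restoration.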


Summary

Introduction

The widespread use of computers and networks and the emergence of new technologies such as big data, the internet of things, and cloud computing have given rise to new threats in this complex modern environment, and the number of malicious activities has increased significantly. Machine learning (ML) methods can be used for prediction and classification by learning features in advance. Researchers have applied several such techniques to intrusion detection [1], for instance, random forest (RF) [2], support vector machine (SVM) [3], k-nearest neighbor (KNN) [4], or artificial neural network (ANN) [5].
