Abstract
Network intrusion detection systems (NIDS) are essential tools in ensuring network information security, and neural networks have become an increasingly popular solution for NIDS. However, with the gradual complexity of the network environment, the existing solutions using the conventional neural network cannot make full use of the rich information in the network traffic data due to its single structure. More importantly, this will lead to the existing NIDS have incomplete knowledge of the intrusion detection domain, and making it unable to achieve a high detection rate and good stability in the new environment. In this paper, we take a step forward and extract the different level features from the network connection, rather than a long feature vector used in the traditional approach, which can process feature information separately more efficiently. And further, we propose multimodal-sequential intrusion detection approach with special structure of hierarchical progressive network, which is supported by multimodal deep auto encoder (MDAE) and LSTM technologies. By design the special structure of hierarchical progressive network, our approach can efficiently integrate the different level features information within a network connection and automatically learn temporal information between adjacent network connections at the same time. Based on the three benchmark datasets from 1999 to 2017, including NSL-KDD, UNSW-NB15, and CICIDS 2017, we investigated the performance of our proposed approach on the task of detecting attacks within modern network. The experimental results show that the average accuracy of this method is 94% in binary classification and 88% in multi-class classification, which is at least 2% and 4% super than other methods respectively, and demonstrated that our model has excellent stability. Moreover, we further explore the multimodality and complementarity in traffic data, the experimental results show that the performance of detection model can be further improved in the range 2% to 5% when using our MDAE model to process the features of traffic data.
Highlights
With the rapid development of information and communication technology (ICT), the Internet has brought great convenience to network users
Network traffic is a formal representation of complex network behavior and contains rich feature information, but single consideration for intrusion detection cannot make full use of the rich information in network traffic
The special structure of the multimodal deep auto encoder (MDAE) and LSTM can maximize the use of feature information at different levels and make the model achieve the outstanding performance
Summary
With the rapid development of information and communication technology (ICT), the Internet has brought great convenience to network users. The problem of information security is becoming more and more serious for the increase of network intrusion attacks, such as DDOS, The associate editor coordinating the review of this manuscript and approving it for publication was Mamoun Alazab. ICT systems and networks with various sensitive user data are prone to various attacks, which will result in serious data breaches [1]. In the field of cybersecurity defenses, network intrusion detection system (NIDS) is an important security countermeasure to identify and prevent malicious intrusion [2], [3]. Network intrusion detection is a typical classification problem, its task keeps an eye on network behaviors every minute and determine whether give an alarm message to the network.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
