Development of a Malicious Network Traffic Intrusion Detection System Using Deep Learning

Abstract

With the exponential surge in the number of internet-connected devices, the attack surface for potential cyber threats has correspondingly expanded. Such a landscape necessitates the evolution of intrusion detection systems to counter the increasingly sophisticated mechanisms employed by cyber attackers. Traditional machine learning methods, coupled with existing deep learning implementations, are observed to exhibit limited proficiency due to their reliance on outdated datasets. Their performance is further compromised by elevated false positive rates, decreased detection rates, and an inability to efficiently detect novel attacks. In an attempt to address these challenges, this study proposes a deep learning-based system specifically designed for the detection of malicious network traffic. Three distinct deep learning models were employed: Deep Neural Networks (DNN), Long Short-Term Memory (LSTM), and Gated Recurrent Units (GRU). These models were trained using two contemporary benchmark intrusion detection datasets: the CICIDS 2017 and the Coburg Intrusion Detection Data Sets (CIDDS). A robust preprocessing procedure was conducted to merge these datasets based on common and essential features, creating a comprehensive dataset for model training. Two separate experimental setups were utilized to configure these models. Among the three models, the LSTM displayed superior performance in both experimental configurations. It achieved an accuracy of 98.09%, a precision of 98.14%, an F1-Score of 98.09%, a True Positive Rate (TPR) of 98.05%, a True Negative Rate (TNR) of 99.69%, a False Positive Rate (FPR) of 0.31%, and a False Negative Rate (FNR) of 1.95%.