Empirical study on multiclass classification‐based network intrusion detection

Abstract

AbstractEarly and effective network intrusion detection is deemed to be a critical basis for cybersecurity domain. In the past decade, although a significant amount of work has focused on network intrusion detection, it is still a challenge to establish an intrusion detection system with a high detection rate and a relatively low false alarm rate. In this paper, we have performed a comprehensive empirical study on network intrusion detection as a multiclass classification task, not just to detect a suspicious connection but also to assign the correct type as well. To surpass the previous studies, we have utilized four deep learning models, namely, deep neural networks, long short‐term memory recurrent neural networks, gated recurrent unit recurrent neural networks, and deep belief networks. Our approach relies on the pretraining of the models by exploiting a particle swarm optimization–based algorithm for their hyperparameters selection. In order to investigate the performance differences, we also included two well‐known shallow learning methods, namely, decision forest and decision jungle. Furthermore, we used in our experiments four datasets, which are dedicated to intrusion detection systems to explore various environments. These datasets are KDD CUP 99, NSL‐KDD, CIDDS, and CICIDS2017. Moreover, 22 evaluation metrics are used to assess the model's performance in each of the datasets. Finally, intensive quantitative, Friedman test, and ranking methods analyses of our results are provided at the end of this paper. The results show a significant improvement in the detection of network attacks with our recommended approach.