Evaluating effectiveness of shallow and deep networks to intrusion detection system

Abstract

Network intrusion detection system (NIDS) is a tool used to detect and classify the network breaches dynamically in information and communication technologies (ICT) systems in both academia and industries. Adopting a new and existing machine learning classifiers to NIDS has been a significant area in security research due to the fact that the enhancement in detection rate and accuracy is of important in large volume of security audit data including diverse and dynamic characteristics of attacks. This paper evaluates the effectiveness of various shallow and deep networks to NIDS. The shallow and deep networks are trained and evaluated on the KDDCup ‘99’ and NSL-KDD data sets in both binary and multi-class classification settings. The deep networks are performed well in comparison to the shallow networks in most of the experiment configurations. The main reason to this might be a deep network passes information through several layers to learn the underlying hidden patterns of normal and attack network connection records and finally aggregates these learned features of each layer together to effectively distinguish the normal and various attacks of network connection records. Additionally, deep networks have not only performed well in detecting and classifying the known attacks additionally in unknown attacks too. To achieve an acceptable detection rate, we used various configurations of network settings and its parameters in deep networks. All the various configurations of deep network are run up to 1000 epochs in training with a learning rate in the range [0.01-0.5] to effectively capture the time varying patterns of normal and various attacks.