Abstract
When traditional machine learning methods are applied to network intrusion detection, they rely on expert knowledge to extract feature vectors in advance, which results in a lack of flexibility and versatility. Recently, deep learning methods have shown superior performance compared with traditional machine learning methods. Deep learning methods can learn from the raw data directly, but they incur a high computing cost. To solve this problem, a preprocessing method based on a multipacket input unit and compression is proposed, which takes m data packets as the input unit to maximize the retention of information and greatly compresses the raw traffic to shorten the data learning and training time. In the proposed method, the CNN network structure is optimized and the weights of some convolution layers are assigned directly by using the Gabor filter. Experimental results on the benchmark data set show that, compared with the existing models, the proposed method improves the detection accuracy by 2.49% and reduces the training time by 62.1%. In addition, the experiments show that the proposed compression method has obvious advantages in detection accuracy and computational efficiency compared with the existing compression methods.
Highlights
At present, the security of cyberspace has attracted wide concern from all sectors of society, and ensuring the security of network information and network equipment is the focus of network security. The research of anomaly-based Intrusion Detection System (IDS) is the main research direction in the field of intrusion detection.
Although deep learning has the ability to learn effective features, in order to ensure the computational efficiency of the deep learning model and improve the real-time performance of intrusion detection, most of the studies still rely on well-designed features, and feature extraction is a key step for detection accuracy. The ever-changing attacks make these methods have low resolution for normal network behavior and some network attacks.
CSE-CIC-IDS2018 is a mixed data set of a large amount of network traffic and system logs, which contains 10 days of data, and the daily data form a subset of data with a total size of more than 400G. The data set includes 7 attack types and 16 attack subtypes, including brute force attacks, DoS attacks, surveillance network attacks, and penetration attacks.
Summary
The security of cyberspace has attracted wide concern from all sectors of society, and ensuring the security of network information and network equipment is the focus of network security. The research of anomaly-based Intrusion Detection System (IDS) is the main research direction in the field of intrusion detection. The network intrusion detection method based on a deep learning model is considered to be an effective means of network intrusion detection [4]. In order to overcome the limitation of features carefully designed by experts, a deep learning method using raw traffic data for detection has emerged [7]. This kind of method has the following defects: (1) the amount of raw traffic data is large, which leads to the decrease of computational efficiency and the lack of practicability in the real environment where the network traffic increases exponentially. (2) In the process of using the raw flow for preprocessing, a large amount of data will be intercepted in order to ensure the uniform input format, resulting in information loss.