Abstract

Network intrusion detection systems are essential for the protection of advanced communication networks. Originally, these systems were hard-coded to identify specific signatures, patterns and rule violations; now artificial intelligence and machine learning algorithms provide promising alternatives. However, in the literature, various outdated datasets as well as a plethora of different evaluation metrics are used to prove algorithm efficacy. To enable a global comparison, this study compiles algorithms for different configurations to create common ground and proposes two new evaluation metrics. These metrics, the detection score and the identification score, together reliably present the performance of a network intrusion detection system to allow for practical comparison on a large scale. Additionally, we present a workflow to process raw packet flows into input features for machine learning. This framework quickly implements different algorithms for the various datasets and allows systematic performance comparison between those algorithms. Our experimental results, matching and surpassing the state-of-the-art, indicate the potential of this approach. As raw traffic input features are much easier and cheaper to extract when compared to traditional features, they show promise for application in real-time deep learning-based systems.

Highlights

  • Today, more and more devices are connected to the internet

  • We provide a profound overview of machine learning (ML) techniques in the literature for network intrusion detection, with a focus on recent deep learning (DL) approaches, and we quantitatively compare and discuss these techniques based on results reported in related work as well as our own recalculations

  • We propose a workflow that allows for the use of raw network traffic in machine learning, as raw traffic-based features are more suitable for real-time application when compared to traditional machine learning features for network intrusion detection


Summary

INTRODUCTION

More and more devices are connected to the internet. Cisco forecasts that by 2023 there will be 29.3 billion devices connected to the internet [1]. Network intrusion detection systems aim to detect attacks by investigating network traffic. While they historically functioned through hard-coded rules, more and more research is being conducted to investigate the application of machine learning (ML). Academic research proposes many different network intrusion detection techniques, comparing against other techniques. We provide a profound overview of ML techniques in the literature for network intrusion detection, with a focus on recent deep learning (DL) approaches, and we quantitatively compare and discuss these techniques based on results reported in related work as well as our own recalculations. The promising experimental results for various datasets and algorithms are comparable to the state-of-the-art. Before expounding on these contributions, we will first provide background information on intrusion detection systems.

BACKGROUND
EVALUATION METHODS
IDENTIFICATION SCORE
VIII. CONCLUSION
CONFUSION MATRIX