Abstract
Networks had an increasing impact on modern life since network cybersecurity has become an important research field. Several machine learning techniques have been developed to build network intrusion detection systems for correctly detecting unforeseen cyber-attacks at the network-level. For example, deep artificial neural network architectures have recently achieved state-of-the-art results. In this paper a novel deep neural network architecture is defined, in order to learn flexible and effective intrusion detection models, by combining an unsupervised stage for multi-channel feature learning with a supervised one exploiting feature dependencies on cross channels. The aim is to investigate whether class-specific features of the network flows could be learned and added to the original ones in order to increase the model accuracy. In particular, in the unsupervised stage, two autoencoders are separately learned on normal and attack flows, respectively. As the top layer in the decoder of these autoencoders reconstructs samples in the same space as the input one, they could be used to define two new feature vectors allowing the representation of each network flow as a multi-channel sample. In the supervised stage, a multi-channel parametric convolution is adopted, in order to learn the effect of each channel on the others. In particular, as the samples belong to two different distributions (normal and attack flows), the samples labelled as normal should be more similar to the representation reconstructed with the normal autoencoder than that of the attack one, and viceversa. This expected dependency will be exploited to better disentangle the differences between normal and attack flows. The proposed neural network architecture leads to better predictive accuracy when compared to competitive intrusion detection architectures on three benchmark datasets.
Highlights
The goal of a network intrusion detection system (IDS) is to discover any unauthorised access to a computer network by analysing traffic on the network for signs of malicious activity
THE PROPOSED METHOD we describe MINDFUL—the multi-channel deep learning method we propose to deal with the problem of network intrusion detection
We proceed with the analysis by studying how a) the additional information synthesised through the autoencoders, b) the multi-channel input representation and c) the convolutions can jointly contribute to gain accuracy in the intrusion detection model learned by MINDFUL
Summary
The goal of a network intrusion detection system (IDS) is to discover any unauthorised access to a computer network by analysing traffic on the network for signs of malicious activity. The recent research trend is recognising deep learning as a definitely relevant approach in intrusion detection [1], [6], [7], since (non-linear) multiple activation layers may facilitate the discovery of effective patterns that keep their effectiveness under drifting conditions [8]. In this case, raw input data are transformed into higher representations.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
