Network Intrusion Detection: Based on Deep Hierarchical Network and Original Flow Data

Abstract

Network intrusion detection plays a very important role in protecting computer network security. The abnormal traffic detection and analysis by extracting the statistical features of flow is the main analysis method in the field of network intrusion detection. However, these features need to be designed and extracted manually, which often loses the original information of the flow and leads to poor detection efficiency. In this paper, we do not manually design the features of the flow but directly extract the raw data information of the flow for analysis. In addition, we first proposed a new network intrusion detection model named the deep hierarchical network, which integrates the improved LeNet-5 and LSTM neural network structures, while learning the spatial and temporal features of flow. By designing a reasonable network cascading method, we can train our proposed hierarchical network at the same time instead of training two networks separately. In this paper, we use the CICIDS2017 dataset and the CTU dataset. The number and types of flow in these two datasets are large, and the attack types are relatively new. The experimental results show that the performance of the proposed hierarchical network model is significantly better than other network intrusion detection models, which can achieve the best detection accuracy. Finally, we also present an analysis method for traffic features which has an important contribution to abnormal traffic detection and gives the actual meanings of these important features.