Network intrusion detection using multi-architectural modular deep neural network

Abstract

The exponential growth of computer networks and the adoption of new network-based technologies have made computer security an important challenge. With the emergence of new internet-connected devices, the attack surface is increasing for cyber intruders. Many intrusion detection systems attempt to detect known attacks using signatures in network traffic. In recent years, researchers used several machine learning techniques to detect network attacks without relying on these signatures. These techniques generally suffer from a high false-positive rate which is not acceptable for an industry-ready intrusion detection product. In this paper, we propose a multi-architectural modular deep neural network model to decrease the false-positive rate of anomaly-based intrusion detection systems. Our model consists of a feed-forward module, a stack of restricted Boltzmann machine module, and two recurrent modules, the output weights of these modules are fed to an aggregator module to produce the answer of the model. The experiments are performed using CSE-CIC-IDS2018 dataset, and final models can be used in an IDS for generating alerts or preventing new attacks. The experimental results show improvement in the detection of some types of network attacks with accuracy as high as 100% for network-level attacks compared to related works.