SPIDER: A shallow PCA based network intrusion detection system with enhanced recurrent neural networks

Abstract

In recent years, ensuring the stability of the huge volume of data generated by billions of users has become the main concern in the field of cyber security. Network security is an extensive part of the cyber security system where intrusions are the leading threat in its way of defense. As a countermeasure to such intrusions in the network, Intrusion Detection Systems (IDSs) have played a major role over the years. Although countless works have already been carried out in this field, most of these works have lagged at some points, considering the scope of exploration through recent extensions. So in this paper, a network anomaly detection model, SPIDER, has been proposed. The SPIDER model combines four updated versions of conventional Recurrent Neural Networks (RNNs), namely Bi-LSTM (Bidirectional Long Short Term Memory), LSTM (Long Short Term Memory), Bi-GRU (Bidirectional Gated Recurrent Unit), and GRU (Gated Recurrent Unit). To deal with the dimensionality problems, Principal Component Analysis (PCA) has been adapted to reduce the data dimensions. The performance of the proposed SPIDER model has been evaluated using the well-known NSL-KDD and UNSW-NB15 datasets to ensure its robustness. When compared to the corresponding values of different models, the proposed model shows a significant improvement in detecting intrusions over existing models.