SSAE - DeepCNN Model for Network Intrusion Detection

Abstract

Many people can use user-friendly internet services due to the development of IT and communication technologies. However, attackers perform attacks such as malware injection, DoS/DDoS, and system hacking to threaten end devices, personal information, and organizational assets. Security experts use anti-cyber-attack systems such as firewalls, anti-virus solutions, and intrusion detection systems (IDSs) to defend against various cyber threats. Also, many researchers work actively on machine learning-based detection models to protect and respond against advanced cyber-attacks. Therefore, we propose the stacked sparse autoencoder-deep convolutional neural network (SSAE-DeepCNN) model to detect network intrusions. Our proposed model is a semi-supervised learning model that combines stacked sparse autoencoder (SSAE) and deep convolutional neural network (DeepCNN). SSAE discovers new features from training data, and DeepCNN learns new features to detect network intrusions. We design various test scenarios to find the hyperparameters and structures of SSAE with the highest performance. We measure accuracy, F1-Score, prediction time, and hardware resource consumption to evaluate and compare models. The best scenario shows an accuracy of 93.5% by adding sparsity to SSAE's bottleneck. There is no significant difference in performance compared to when SSAE is not used, but resources used by GPU and CPU can be saved. In the future, we plan to improve the proposed model to get better performance.