Network intrusion detection (NID) is an important method for network system administrators to detect various security holes. The performance of traditional NID methods can be affected when unknown or new attacks are detected. Compared with other machine learning methods, the intrusion detection method based on convolutional neural network (CNN) can significantly improve the accuracy of classification, but the convergence speed and generalization ability of CNN are not ideal in model training process resulting in a low true rate and a high false alarm rate. To solve the above problems, this paper proposes a deep multi-scale convolutional neural network (DMCNN) for network intrusion detection. Different levels of features in a large number of high-dimensional unlabeled original data are extracted by different scales convolution kernel. And the learning rate of network structure is optimized by batch normalization method to obtain the optimal feature representation of the raw data. We use NSL-KDD dataset as the benchmark thus we can compare the performance of our proposed method with other existing works. This dataset includes two testing sets which are the first one is KDDTest+ while the second one is $$\text {KDDTest}^{-21}$$ which is more difficult to be classified. The experimental results reveal that the AC and TPR are higher through our DMCNN model. Especially, in terms of DOS, the AC appropriately reaches to 98%. DMCNN has a high intrusion detection accuracy and a low false alarm rate, which overcomes the limitations of using the traditional detection methods and makes the new approach an attractive one for practical intrusion detection.
Read full abstract