A New Intrusion Detection Model Based on GRU and Salient Feature Approach

  • Jian Hou
  • Fangai LiuEmail author
  • Xuqiang Zhuang
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1123)


Gated Recurrent Unit (GRU) is a variant of a recurrent neural network, just like an LSTM network. Compared with RNN, the two networks have higher accuracy in processing sequence problems, and both of them have been proven to be effective in varieties of machine learning tasks such as natural language processing, text classification and speech recognition. In addition, the network unit structure of the GRU is simpler than the LSTM unit structure, which is more conducive to the training of the model. NSL-KDD datasets, which is the replacement of KDD cup 99, is still one of the datasets for measuring the effectiveness of intrusion detection models. In order to reduce the feature data dimension and combine the prior knowledge of computer network, a GRU intrusion detection method based on salient features (SF-GRU) is proposed. SF-GRU selects the distinctive features of response for different intrusion forms, and uses GRU network to identify the selected features to improve the efficiency of model detection. The experimental results show that compared with the traditional deep learning method, this proposal has higher accuracy and computational efficiency.


Intrusion detection Gate Recurrent Unit Salient feature selection Prior knowledge 



This work was supported by National Natural Science Foundation of China (61772321), CERNET Innovation Project (NGII20170508), and in part by Guangdong Province Key Research and Development Plan (Grant No. 2019B010137004), the National Key research and Development Plan (Grant No. 2018YFB1800701, No. 2018YFB0803504, and No. 2018YEB1004003), and the National Natural Science Foundation of China (Grant No. U1636215 and 61572492).


  1. 1.
    Yin, C., Zhu, Y., Fei, J., et al.: A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5, 21954–21961 (2017)CrossRefGoogle Scholar
  2. 2.
    LeCun, Y., Bengio, Y., Hinton, G.: Deep learning. Nature 521(7553), 436 (2015)CrossRefGoogle Scholar
  3. 3.
    Yuan, Z., Lu, Y., Wang, Z., et al.: Droid-sec: deep learning in android malware detection. In: ACM SIGCOMM Computer Communication Review, vol. 44, no. 4, 371–372. ACM (2014)Google Scholar
  4. 4.
    Depren, O., et al.: An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks. Expert Syst. Appl. 29(4), 713–722 (2005)CrossRefGoogle Scholar
  5. 5.
    Gao, N., Gao, L., Gao, Q., et al.: An intrusion detection model based on deep belief networks. In: 2014 Second International Conference on Advanced Cloud and Big Data (CBD). IEEE Computer Society (2014)Google Scholar
  6. 6.
    Staudemeyer, R.C.: Applying long short-term memory recurrent neural networks to intrusion detection. S. Afr. Comput. J. 56(1), 136–154 (2015)Google Scholar
  7. 7.
    Cho, K., Van Merrienboer, B., Gulcehre, C., et al. Learning phrase representations using RNN encoder-decoder for statistical machine translation. Comput. Sci. (2014) Google Scholar
  8. 8.
    Cho, K, Van Merriënboer, B., Gulcehre, C., et al.: Learning phrase representations using RNN encoder-decoder for statistical machine translation. arXiv preprint arXiv:1406.1078 (2014)
  9. 9.
    Staudemeyer, R.C., Omlin, C.W.: Extracting salient features for network intrusion detection using machine learning methods. S. Afr. Comput. J. 52(1), 82–96 (2014)Google Scholar
  10. 10.
    Greff, K., Srivastava, R.K., Koutník, J., et al.: LSTM: a search space odyssey. IEEE Trans. Neural Networks Learn. Sys. 28(10), 2222–2232 (2015)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Agarap, A.F.M.: Proceedings of the 2018 10th International Conference on Machine Learning and Computing, - ICMLC 2018 - A Neural Network Architecture Combining Gated Recurrent Unit (GRU) and Support Vector Machine (SVM) for Intrusion Detection in Network Traffic Data, pp. 26–30 (2018). [ACM Press the 2018 10th International Conference - Macau, China (26 February 2018–28 February 2018)]Google Scholar
  12. 12.
    Han, H., Wang, W.Y., Mao B.H.: Borderline-SMOTE: a new over-sampling method in imbalanced data sets learning. In: Proceedings of the 2005 International Conference on Advances in Intelligent Computing, vol. I (2005)Google Scholar
  13. 13.
    Wang, Q., et al.: Research on CTR prediction based on deep learning. IEEE Access 7, 12779–12789 (2018)CrossRefGoogle Scholar
  14. 14.
    Tian, Z., et al.: Real time lateral movement detection based on evidence reasoning network for edge computing environment. IEEE Trans. Industr. Inf. 15(7), 4285–4294 (2019)CrossRefGoogle Scholar
  15. 15.
    Tian, Z., Li, M., Qiu, M., Sun, Y., Su, S.: Block-DEF: a secure digital evidence framework using blockchain. Inf. Sci. 491, 151–165 (2019). Scholar
  16. 16.
    Tian, Z., Gao, X., Su, S., Qiu, J., Du, X., Guizani, M.: Evaluating reputation management schemes of internet of vehicles based on evolutionary game theory. IEEE Trans. Veh. Technol. 68(6), 5971–5980 (2019)CrossRefGoogle Scholar
  17. 17.
    Tian, Z., Su, S., Shi, W., Du, X., Guizani, M., Yu, X.: A data-driven method for future internet route decision modeling. Future Gener. Comput. Sys. 95, 212–220 (2019)CrossRefGoogle Scholar
  18. 18.
    Tan, Q., Gao, Y., Shi, J., Wang, X., Fang, B., Tian, Z.: Toward a comprehensive insight into the eclipse attacks of tor hidden services. IEEE Internet Things J. 6(2), 1584–1593 (2019)CrossRefGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.Shandong Normal UniversityShandongChina

Personalised recommendations