A Semantic Parsing Based LSTM Model for Intrusion Detection

  • Zhipeng Li
  • Zheng QinEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11304)


Nowadays, with the great success of deep learning technology, using deep learning method to solve information security issues has become a study hot spot. Although some literal works have tried to solve intrusion detection problem via recurrent neural network, these methods do not give a detailed framework and specific data processing progress. We propose a novel semantic parsing based Long Short-Term Memory (LSTM) network framework in this paper. The proposed method uses the semantic representations of network data. The novel conversion process of various forms of network data to semantic description is given in detail. Experiments on NSL_KDD data sets show our proposed model outperforms most of the standard classifier. Results show that the semantic description has reserved information of the data and our semantic parsing based LSTM model provides a novel way to solve anomaly detection.


Anomaly detection Semantic parsing LSTM NSL_KDD 


  1. 1.
    Canbay, Y., Sagiroglu, S.: A hybrid method for intrusion detection. In: 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA), pp. 156–161. IEEE (2015)Google Scholar
  2. 2.
    Denning, D.E.: An intrusion-detection model. IEEE Trans. Softw. Eng. SE–13(2), 222–232 (1987)CrossRefGoogle Scholar
  3. 3.
    Dhanabal, L., Shantharajah, S.: A study on NSL-KDD dataset for intrusion detection system based on classification algorithms. Int. J. Adv. Res. Comput. Commun. Eng. 4(6), 446–452 (2015)Google Scholar
  4. 4.
    Erfani, S.M., Rajasegarar, S., Karunasekera, S., Leckie, C.: High-dimensional and large-scale anomaly detection using a linear one-class SVM with deep learning. Pattern Recogn. 58, 121–134 (2016)CrossRefGoogle Scholar
  5. 5.
    Fiore, U., Palmieri, F., Castiglione, A., De Santis, A.: Network anomaly detection with the restricted Boltzmann machine. Neurocomputing 122, 13–23 (2013)CrossRefGoogle Scholar
  6. 6.
    Gao, H.H., Yang, H.H., Wang, X.Y.: Ant colony optimization based network intrusion feature selection and detection. In: Proceedings of 2005 International Conference on Machine Learning and Cybernetics, vol. 6, pp. 3871–3875. IEEE (2005)Google Scholar
  7. 7.
    Greff, K., Srivastava, R.K., Koutník, J., Steunebrink, B.R., Schmidhuber, J.: LSTM: a search space odyssey. IEEE Trans. Neural Netw. Learn. Syst. 28(10), 2222–2232 (2017)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Haq, N.F., Onik, A.R., Shah, F.M.: An ensemble framework of anomaly detection using hybridized feature selection approach (HFSA). In: 2015 SAI Intelligent Systems Conference (IntelliSys), pp. 989–995. IEEE (2015)Google Scholar
  9. 9.
    Kim, J., Kim, J., Thu, H.L.T., Kim, H.: Long short term memory recurrent neural network classifier for intrusion detection. In: 2016 International Conference on Platform Technology and Service (PlatCon), pp. 1–5. IEEE (2016)Google Scholar
  10. 10.
    LeCun, Y., Bengio, Y., Hinton, G.: Deep learning. Nature 521(7553), 436–444 (2015)CrossRefGoogle Scholar
  11. 11.
    Li, Z., Qin, Z., Huang, K., Yang, X., Ye, S.: Intrusion detection using convolutional neural networks for representation learning. In: Liu, D., Xie, S., Li, Y., Zhao, D., El-Alfy, E.-S.M. (eds.) ICONIP 2017. LNCS, vol. 10638, pp. 858–866. Springer, Cham (2017). Scholar
  12. 12.
    Sahu, S., Mehtre, B.M.: Network intrusion detection system using J48 decision tree. In: 2015 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 2023–2026. IEEE (2015)Google Scholar
  13. 13.
    Sheikhan, M., Jadidi, Z., Farrokhi, A.: Intrusion detection using reduced-size RNN based on feature grouping. Neural Comput. Appl. 21(6), 1185–1190 (2012)CrossRefGoogle Scholar
  14. 14.
    Srinoy, S.: Intrusion detection model based on particle swarm optimization and support vector machine. In: IEEE Symposium on Computational Intelligence in Security and Defense Applications, CISDA 2007, pp. 186–192. IEEE (2007)Google Scholar
  15. 15.
    Staudemeyer, R.C., Omlin, C.W.: Evaluating performance of long short-term memory recurrent neural networks on intrusion detection data. In: Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference, pp. 218–224. ACM (2013)Google Scholar
  16. 16.
    Syarif, I., Zaluska, E., Prugel-Bennett, A., Wills, G.: Application of bagging, boosting and stacking to intrusion detection. In: Perner, P. (ed.) MLDM 2012. LNCS (LNAI), vol. 7376, pp. 593–602. Springer, Heidelberg (2012). Scholar
  17. 17.
    Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD cup 99 data set. In: IEEE Symposium on Computational Intelligence for Security and Defense Applications, CISDA 2009, pp. 1–6. IEEE (2009)Google Scholar
  18. 18.
    Teng, L., et al.: A collaborative and adaptive intrusion detection based on SVMs and decision trees. In: 2014 IEEE International Conference on Data Mining Workshop (ICDMW), pp. 898–905. IEEE (2014)Google Scholar
  19. 19.
    Wang, W., Zhu, M., Zeng, X., Ye, X., Sheng, Y.: Malware traffic classification using convolutional neural network for representation learning. In: 2017 International Conference on Information Networking (ICOIN), pp. 712–717. IEEE (2017)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.School of SoftwareTsinghua UniversityBeijingChina

Personalised recommendations