A Sequential Approach to Network Intrusion Detection

  • Conference paper
Computational Science and Technology

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 603)

Abstract

In this paper, we combine the sequential modeling capability of a Recurrent Neural Network (RNN) and the robustness of Random Forest (RF) in detecting network intrusions. Past events are modelled by the RNN, capturing informative and sequential properties for the classifier. With the new output vectors incorporated into the input features, the RF is made to consider a high-level sequential representation when selecting the best candidate to split. The proposed approach is tested and compared on the UNSW-NB15 data set, demonstrating its competence with encouraging results and achieving an optimal trade-off between detection rate and false positive rate.


Acknowledgements

This research work was supported by a Fundamental Research Grant Scheme (FRGS) under the Ministry of Education and Multimedia University, Malaysia (Project ID: MMUE/160029), and the Korea Foundation of Advanced Studies (ISEF).

Author information

Corresponding author

Correspondence to Nicholas Lee.

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Lee, N., Ooi, S.Y., Pang, Y.H. (2020). A Sequential Approach to Network Intrusion Detection. In: Alfred, R., Lim, Y., Haviluddin, H., On, C. (eds) Computational Science and Technology. Lecture Notes in Electrical Engineering, vol 603. Springer, Singapore. https://doi.org/10.1007/978-981-15-0058-9_2

  • DOI: https://doi.org/10.1007/978-981-15-0058-9_2

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-0057-2

  • Online ISBN: 978-981-15-0058-9

  • eBook Packages: Engineering, Engineering (R0)
