Abstract
In this paper, we combine the sequential modeling capability of a Recurrent Neural Network (RNN) with the robustness of a Random Forest (RF) to detect network intrusions. Past events are modelled by the RNN, which captures informative sequential properties for the classifier. With the RNN's output vectors incorporated into the input features, the RF considers the high-level sequential representation when selecting the best candidate to split. The proposed approach is tested and compared on the UNSW-NB15 data set, demonstrating its competence with encouraging results and achieving an optimal trade-off between detection rate and false positive rate.
Acknowledgements
This research work was supported by a Fundamental Research Grant Scheme (FRGS) under the Ministry of Education and Multimedia University, Malaysia (Project ID: MMUE/160029), and Korea Foundation of Advanced Studies (ISEF).
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Lee, N., Ooi, S.Y., Pang, Y.H. (2020). A Sequential Approach to Network Intrusion Detection. In: Alfred, R., Lim, Y., Haviluddin, H., On, C. (eds) Computational Science and Technology. Lecture Notes in Electrical Engineering, vol 603. Springer, Singapore. https://doi.org/10.1007/978-981-15-0058-9_2
DOI: https://doi.org/10.1007/978-981-15-0058-9_2
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0057-2
Online ISBN: 978-981-15-0058-9
eBook Packages: Engineering, Engineering (R0)