Network Intrusion Detection System using Feature Extraction based on Deep Sparse Autoencoder

Abstract

The classification function in network intrusion detection systems (NIDSs) is important for determining whether traffic is normal. Accordingly, the detection performances of NIDSs depend on various characteristics. Recently, owing to its considerable advancement, deep learning has been applied to NIDSs. However, this method is associated with slow detection problems owing to the high volumes of traffic and increased data dimensionality. Therefore, we propose a method to classify deep learning based on extracted features, not as a classification but as a preprocessing methodology for feature extraction. A deep sparse autoencoder is used to extract features from a typical unsupervised deep learning autoencoder model classified by the Random Forest (RF) classification algorithm. Improvements to the classification performance and detection speed are confirmed. An accuracy of 99% can be achieved when normal and attack traffic is classified using the latest data and when compared with other algorithms, such as the Pearson–RF, SA–RF, and DSA–SVC. However, as the performance of the sparse class is worse than those of the other classes, additional research is required to improve it.