Improvement of Hybrid NIDS Using Deep Learning for Practical Use

Abstract

The use of networks has been accelerated by social adaptations to the Covid-19 pandemic, such as remote work, online shopping, and online meetings. These trends increase the importance of network intrusion detection systems (NIDSs) to protect networks from malware and cyberattacks. Two major technical approaches to NIDS are largely employed: the use of signature matching discriminators and the use of anomaly detectors. Each approach has advantages and disadvantages. Hybrid NIDSs, which integrate aspects of both approaches, minimize the disadvantages and improve detection accuracy, although their detection speed is slow. On the other hand, deep learning methods have been gaining attention as intrusion detectors, including NIDS. Therefore, in this study we propose a two-stage hybrid NIDS that uses deep learning methods, a sparse auto-encoder (SAE), and a multilayer perceptron (MLP). In the first stage of the proposed system, an SAE detects malicious flows while minimizing interference to legitimate flows, and in the second stage an MLP detects malicious flows and precisely classifies each one. Our experimental results against the CICIDS2017 dataset showed that the proposed NIDS was fast and highly accurate. Here we report the architecture of our system and the evaluation of its results.