Network Intrusion Detection by an Approximate Logic Neural Model

Jiajun Zhao, Qiuzhen Lin, Junkai Ji
Published in: 2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)
Publication date: 2021-10-01
DOI: https://doi.org/10.1109/ISSREW53611.2021.00072

Abstract

With a growing threat of cyber-attacks, network intrusion detection remains challenging in the domain of cyberspace security. To defend against cyber-attacks on computer systems, various machine learning approaches have been applied to intrusion detection over the past few decades, such as random forest, support vector machine and long short-term memory. Although most of these approaches can provide satisfactory detection performance in terms of accuracy, recall and area under the receiver operating characteristic curve (AUC), their performance relies heavily on the number of attack samples available for training. When the type of attack is unknown and the number of training samples is insufficient, the performance of these approaches may degrade to some extent. Therefore, based on a recently emerging approximate logic neural model (ALNM), a novel intrusion detection approach termed ALNM-IDA is proposed in this paper to overcome this issue. In the ALNM-IDA, k-means clustering is first applied to discretize continuous features, and maximum relevance minimum redundancy is adopted to select essential features. Then, the training dataset of normal and attack inputs is fed to the ALNM. In addition, adaptive moment estimation (Adam) is used as the training algorithm to improve the detection performance and accelerate the training phase. To validate the effectiveness of the ALNM-IDA, three benchmark intrusion detection datasets are employed in our experiments. Comparative results demonstrate that the ALNM-IDA can provide better detection performance than other widely used machine learning approaches in the case of insufficient training information.