A modified CNN-IDS model for enhancing the efficacy of intrusion detection system

Q4 Engineering
Ruqaya Abdulhasan Abed, Ekhlas Kadhum Hamza, Amjad J. Humaidi
{"title":"A modified CNN-IDS model for enhancing the efficacy of intrusion detection system","authors":"Ruqaya Abdulhasan Abed,&nbsp;Ekhlas Kadhum Hamza,&nbsp;Amjad J. Humaidi","doi":"10.1016/j.measen.2024.101299","DOIUrl":null,"url":null,"abstract":"<div><p>As the security of computer networks in enterprises worldwide is dependent on the proper functioning of intrusion detection systems (IDSs) and intrusion prevention systems (IPSs), this effectiveness of both of them is of utmost priority. Leveraging diverse techniques, these network security systems are created to keep the reliability, the availability, and the integrity of the organizational networks safe. One plus point of using ML in intrusion detection system (IDS) is that it has successfully weeded out all the IDS attacks with a high degree of accuracy. In contrast, such systems may be believed to operate to their least competent levels when supersized data spaces have to be dealt with. In the process to solve this, application of feature selection techniques will play the crucial role to ignore non-relevant features which do not impact the issue of classification much. One more thing to keep in mind is that the ML-based IDSs often have problems with high false alarms and percentage accuracy because of the imbalanced training sets. The undertaking of this paper involves a through the analysis of the UNSW-NB15 intrusion detection data set as upon which our models will be tested and trained. We utilize two feature selection approaches: the PCA method, which is denoted as PCA, and the SVD method, called SVD. Furthermore, we categorize the datasets using these methods— Ridge Regression (RR), Stochastic Gradient Descent, and Convolutional Neural Network (CNN)-- on the transformed feature space. What is the most widely used for, is that it deals with both, binary and multiclass classification. The result measure that PCA and SVD are succeeded in getting better performance of IDS than others with enhancing the accuracy of classification models. More specifically, the RR classifier's precise was outstanding for the binary classification problem experiencing a rise in the accuracy from 98.13 % to 99.85 %. This shows the critical role of feature selection approaches and is also demonstrates the modeling capabilities of RR, SGD, and CNN classifiers and stands out as a solution to intrusion detection.</p></div>","PeriodicalId":34311,"journal":{"name":"Measurement Sensors","volume":"35 ","pages":"Article 101299"},"PeriodicalIF":0.0000,"publicationDate":"2024-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2665917424002757/pdfft?md5=e75508d91d0b1c1b4d96b962aa0b4cfa&pid=1-s2.0-S2665917424002757-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Measurement Sensors","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2665917424002757","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Engineering","Score":null,"Total":0}
引用次数: 0

Abstract

As the security of computer networks in enterprises worldwide is dependent on the proper functioning of intrusion detection systems (IDSs) and intrusion prevention systems (IPSs), this effectiveness of both of them is of utmost priority. Leveraging diverse techniques, these network security systems are created to keep the reliability, the availability, and the integrity of the organizational networks safe. One plus point of using ML in intrusion detection system (IDS) is that it has successfully weeded out all the IDS attacks with a high degree of accuracy. In contrast, such systems may be believed to operate to their least competent levels when supersized data spaces have to be dealt with. In the process to solve this, application of feature selection techniques will play the crucial role to ignore non-relevant features which do not impact the issue of classification much. One more thing to keep in mind is that the ML-based IDSs often have problems with high false alarms and percentage accuracy because of the imbalanced training sets. The undertaking of this paper involves a through the analysis of the UNSW-NB15 intrusion detection data set as upon which our models will be tested and trained. We utilize two feature selection approaches: the PCA method, which is denoted as PCA, and the SVD method, called SVD. Furthermore, we categorize the datasets using these methods— Ridge Regression (RR), Stochastic Gradient Descent, and Convolutional Neural Network (CNN)-- on the transformed feature space. What is the most widely used for, is that it deals with both, binary and multiclass classification. The result measure that PCA and SVD are succeeded in getting better performance of IDS than others with enhancing the accuracy of classification models. More specifically, the RR classifier's precise was outstanding for the binary classification problem experiencing a rise in the accuracy from 98.13 % to 99.85 %. This shows the critical role of feature selection approaches and is also demonstrates the modeling capabilities of RR, SGD, and CNN classifiers and stands out as a solution to intrusion detection.

增强入侵检测系统功效的改进型 CNN-IDS 模型
全球企业的计算机网络安全取决于入侵检测系统(IDS)和入侵防御系统(IPS)的正常运行,因此这两个系统的有效性是重中之重。这些网络安全系统利用各种技术,确保组织网络的可靠性、可用性和完整性。在入侵检测系统(IDS)中使用 ML 的一个优点是,它能成功地剔除所有 IDS 攻击,而且准确率很高。与此相反,当需要处理超大数据空间时,此类系统可能会被认为是最不称职的。在解决这个问题的过程中,特征选择技术的应用将起到至关重要的作用,它可以忽略对分类问题影响不大的非相关特征。还需要注意的一点是,由于训练集不平衡,基于 ML 的 IDS 通常会出现误报率和准确率较高的问题。本文将分析 UNSW-NB15 入侵检测数据集,并在此基础上测试和训练我们的模型。我们采用了两种特征选择方法:PCA 方法(简称 PCA)和 SVD 方法(简称 SVD)。此外,我们还在转换后的特征空间上使用岭回归(RR)、随机梯度下降和卷积神经网络(CNN)等方法对数据集进行分类。其中使用最广泛的是二元分类法和多分类法。结果表明,PCA 和 SVD 在提高分类模型的准确性方面比其他方法成功地获得了更好的 IDS 性能。更具体地说,在二元分类问题上,RR 分类器的准确性非常突出,准确率从 98.13% 上升到 99.85%。这表明了特征选择方法的关键作用,同时也证明了 RR、SGD 和 CNN 分类器的建模能力,并可作为入侵检测的一种解决方案。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Measurement Sensors
Measurement Sensors Engineering-Industrial and Manufacturing Engineering
CiteScore
3.10
自引率
0.00%
发文量
184
审稿时长
56 days
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信