基于深度学习的恶意网络流量入侵检测系统的开发

Q3 Engineering

International Journal of Safety and Security Engineering Pub Date : 2023-09-28 DOI:10.18280/ijsse.130401

Olisaemeka F. Isife, Kennedy Okokpujie, Imhade P. Okokpujie, Roselyn E. Subair, Akingunsoye Adenugba Vincent, Morayo E. Awomoyi

{"title":"基于深度学习的恶意网络流量入侵检测系统的开发","authors":"Olisaemeka F. Isife, Kennedy Okokpujie, Imhade P. Okokpujie, Roselyn E. Subair, Akingunsoye Adenugba Vincent, Morayo E. Awomoyi","doi":"10.18280/ijsse.130401","DOIUrl":null,"url":null,"abstract":"With the exponential surge in the number of internet-connected devices, the attack surface for potential cyber threats has correspondingly expanded. Such a landscape necessitates the evolution of intrusion detection systems to counter the increasingly sophisticated mechanisms employed by cyber attackers. Traditional machine learning methods, coupled with existing deep learning implementations, are observed to exhibit limited proficiency due to their reliance on outdated datasets. Their performance is further compromised by elevated false positive rates, decreased detection rates, and an inability to efficiently detect novel attacks. In an attempt to address these challenges, this study proposes a deep learning-based system specifically designed for the detection of malicious network traffic. Three distinct deep learning models were employed: Deep Neural Networks (DNN), Long Short-Term Memory (LSTM), and Gated Recurrent Units (GRU). These models were trained using two contemporary benchmark intrusion detection datasets: the CICIDS 2017 and the Coburg Intrusion Detection Data Sets (CIDDS). A robust preprocessing procedure was conducted to merge these datasets based on common and essential features, creating a comprehensive dataset for model training. Two separate experimental setups were utilized to configure these models. Among the three models, the LSTM displayed superior performance in both experimental configurations. It achieved an accuracy of 98.09%, a precision of 98.14%, an F1-Score of 98.09%, a True Positive Rate (TPR) of 98.05%, a True Negative Rate (TNR) of 99.69%, a False Positive Rate (FPR) of 0.31%, and a False Negative Rate (FNR) of 1.95%.","PeriodicalId":37802,"journal":{"name":"International Journal of Safety and Security Engineering","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Development of a Malicious Network Traffic Intrusion Detection System Using Deep Learning\",\"authors\":\"Olisaemeka F. Isife, Kennedy Okokpujie, Imhade P. Okokpujie, Roselyn E. Subair, Akingunsoye Adenugba Vincent, Morayo E. Awomoyi\",\"doi\":\"10.18280/ijsse.130401\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the exponential surge in the number of internet-connected devices, the attack surface for potential cyber threats has correspondingly expanded. Such a landscape necessitates the evolution of intrusion detection systems to counter the increasingly sophisticated mechanisms employed by cyber attackers. Traditional machine learning methods, coupled with existing deep learning implementations, are observed to exhibit limited proficiency due to their reliance on outdated datasets. Their performance is further compromised by elevated false positive rates, decreased detection rates, and an inability to efficiently detect novel attacks. In an attempt to address these challenges, this study proposes a deep learning-based system specifically designed for the detection of malicious network traffic. Three distinct deep learning models were employed: Deep Neural Networks (DNN), Long Short-Term Memory (LSTM), and Gated Recurrent Units (GRU). These models were trained using two contemporary benchmark intrusion detection datasets: the CICIDS 2017 and the Coburg Intrusion Detection Data Sets (CIDDS). A robust preprocessing procedure was conducted to merge these datasets based on common and essential features, creating a comprehensive dataset for model training. Two separate experimental setups were utilized to configure these models. Among the three models, the LSTM displayed superior performance in both experimental configurations. It achieved an accuracy of 98.09%, a precision of 98.14%, an F1-Score of 98.09%, a True Positive Rate (TPR) of 98.05%, a True Negative Rate (TNR) of 99.69%, a False Positive Rate (FPR) of 0.31%, and a False Negative Rate (FNR) of 1.95%.\",\"PeriodicalId\":37802,\"journal\":{\"name\":\"International Journal of Safety and Security Engineering\",\"volume\":\"8 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-09-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Safety and Security Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.18280/ijsse.130401\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"Engineering\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Safety and Security Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.18280/ijsse.130401","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Engineering","Score":null,"Total":0}

引用次数: 1

摘要

随着联网设备数量呈指数级增长，潜在网络威胁的攻击面也相应扩大。这种情况要求入侵检测系统的发展，以应对网络攻击者所采用的日益复杂的机制。传统的机器学习方法，加上现有的深度学习实现，由于依赖过时的数据集，被观察到表现出有限的熟练程度。由于假阳性率升高、检测率下降以及无法有效检测新型攻击，它们的性能进一步受到损害。为了应对这些挑战，本研究提出了一种专门用于检测恶意网络流量的基于深度学习的系统。采用了三种不同的深度学习模型:深度神经网络(DNN)、长短期记忆(LSTM)和门控循环单元(GRU)。这些模型使用两个当代基准入侵检测数据集进行训练:CICIDS 2017和Coburg入侵检测数据集(CIDDS)。基于共同特征和基本特征，对这些数据集进行鲁棒预处理，创建一个全面的数据集用于模型训练。使用两个单独的实验装置来配置这些模型。在三种模型中，LSTM在两种实验配置下都表现出较好的性能。准确率为98.09%，精密度为98.14%，F1-Score为98.09%，真阳性率(TPR)为98.05%，真阴性率(TNR)为99.69%，假阳性率(FPR)为0.31%，假阴性率(FNR)为1.95%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Development of a Malicious Network Traffic Intrusion Detection System Using Deep Learning

With the exponential surge in the number of internet-connected devices, the attack surface for potential cyber threats has correspondingly expanded. Such a landscape necessitates the evolution of intrusion detection systems to counter the increasingly sophisticated mechanisms employed by cyber attackers. Traditional machine learning methods, coupled with existing deep learning implementations, are observed to exhibit limited proficiency due to their reliance on outdated datasets. Their performance is further compromised by elevated false positive rates, decreased detection rates, and an inability to efficiently detect novel attacks. In an attempt to address these challenges, this study proposes a deep learning-based system specifically designed for the detection of malicious network traffic. Three distinct deep learning models were employed: Deep Neural Networks (DNN), Long Short-Term Memory (LSTM), and Gated Recurrent Units (GRU). These models were trained using two contemporary benchmark intrusion detection datasets: the CICIDS 2017 and the Coburg Intrusion Detection Data Sets (CIDDS). A robust preprocessing procedure was conducted to merge these datasets based on common and essential features, creating a comprehensive dataset for model training. Two separate experimental setups were utilized to configure these models. Among the three models, the LSTM displayed superior performance in both experimental configurations. It achieved an accuracy of 98.09%, a precision of 98.14%, an F1-Score of 98.09%, a True Positive Rate (TPR) of 98.05%, a True Negative Rate (TNR) of 99.69%, a False Positive Rate (FPR) of 0.31%, and a False Negative Rate (FNR) of 1.95%.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Safety and Security Engineering Environmental Science-Environmental Science (all)

CiteScore

2.80

自引率

0.00%

发文量

期刊介绍： The International Journal of Safety and Security Engineering aims to provide a forum for the publication of papers on the most recent developments in the theoretical and practical aspects of these important fields. Safety and Security Engineering, due to its special nature, is an interdisciplinary area of research and applications that brings together in a systematic way many disciplines of engineering, from the traditional to the most technologically advanced. The Journal covers areas such as crisis management; security engineering; natural disasters and emergencies; terrorism; IT security; man-made hazards; risk management; control; protection and mitigation issues. The Journal aims to attract papers in all related fields, in addition to those listed under the List of Topics, as well as case studies describing practical experiences. The study of multifactor risk impact will be given special emphasis. Due to the multitude and variety of topics included, the List is only indicative of the themes of the expected papers. Authors are encouraged to submit papers in all areas of Safety and Security, with particular attention to integrated and interdisciplinary aspects.