Publication Type : Journal Article
Publisher : International Journal of Digital Crime and Forensics, IGI Global
Source : International Journal of Digital Crime and Forensics, IGI Global, Volume 11, Number 3, p.65-89 (2019)
Keywords : Analog computers, Brain, Clocks, Computer crime, Deep learning, gated recurrent unit, Image recognition, Intrusion detection, KDDCup-99, Long short-term memory, Long-term dependencies, Memory architecture, NAtural language processing, Natural language processing systems, Network architecture, Network intrusion detection systems, Network security, NSL-KDD and UNSW-NB15, Recurrent neural network (RNN), Recurrent neural networks, Speech recognition, Transmission control protocol, Transmission control protocol/internet protocols
Campus : Coimbatore
School : School of Engineering
Center : Computational Engineering and Networking
Department : Electronics and Communication
Year : 2019
Abstract : Recently, due to the advance and impressive results of deep learning techniques in the fields of image recognition, natural language processing and speech recognition for various long-standing artificial intelligence (AI) tasks, there has been a great interest in applying towards security tasks too. This article focuses on applying these deep taxonomy techniques to network intrusion detection system (N-IDS) with the aim to enhance the performance in classifying the network connections as either good or bad. To substantiate this to NIDS, this article models network traffic as a time series data, specifically transmission control protocol / internet protocol (TCP/IP) packets in a predefined time-window with a supervised deep learning methods such as recurrent neural network (RNN), identity matrix of initialized values typically termed as identity recurrent neural network (IRNN), long short-term memory (LSTM), clock-work RNN (CWRNN) and gated recurrent unit (GRU), utilizing connection records of KDDCup-99 challenge data set. The main interest is given to evaluate the performance of RNN over newly introduced method such as LSTM and IRNN to alleviate the vanishing and exploding gradient problem in memorizing the long-term dependencies. The efficient network architecture for all deep models is chosen based on comparing the performance of various network topologies and network parameters. The experiments of such chosen efficient configurations of deep models were run up to 1,000 epochs by varying learning-rates between 0.01-05. The observed results of IRNN are relatively close to the performance of LSTM on KDDCup-99 NIDS data set. In addition to KDDCup-99, the effectiveness of deep model architectures are evaluated on refined version of KDDCup-99: NSL-KDD and most recent one, UNSW-NB15 NIDS datasets. Copyright © 2019, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Cite this Research Publication : R. Vinayakumar, Dr. Soman K. P., and Poornachandran, P., “A comparative analysis of deep learning approaches for network intrusion detection systems (N-IDSS): Deep learning for N-IDSs”, International Journal of Digital Crime and Forensics, vol. 11, pp. 65-89, 2019.