Publication Type : Conference Paper
Publisher : 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI)
Source : 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI) (2017)
Keywords : bad network connections, CNN-GRU, CNN-LSTM, CNN-RNN, computer network security, Computer vision, Convolution, Convolutional neural network architectures, deep learning: convolutional neural network (CNN), Feature extraction, Gated Recurrent Unit (GRU), Internet, intrusion detection (ID) data sets: KDDCup 99, Machine learning, malware, Multilayer perceptrons, Network intrusion detection, Network parameters, Network structures, network traffic connections, NSL-KDD, optimal network architecture, Protocols, recurrent neural network (RNN) long short-term memory (LSTM), Recurrent neural networks, Security of data, Telecommunication traffic, Time series, transmission control protocol-internet protocol packets, transport protocols
Campus : Coimbatore
School : School of Engineering
Center : Computational Engineering and Networking
Department : Electronics and Communication
Verified : Yes
Year : 2017
Abstract : Recently, Convolutional neural network (CNN) architectures in deep learning have achieved significant results in the field of computer vision. To transform this performance toward the task of intrusion detection (ID) in cyber security, this paper models network traffic as time-series, particularly transmission control protocol / internet protocol (TCP/IP) packets in a predefined time range with supervised learning methods such as multi-layer perceptron (MLP), CNN, CNN-recurrent neural network (CNN-RNN), CNN-long short-term memory (CNN-LSTM) and CNN-gated recurrent unit (GRU), using millions of known good and bad network connections. To measure the efficacy of these approaches we evaluate on the most important synthetic ID data set such as KDDCup 99. To select the optimal network architecture, comprehensive analysis of various MLP, CNN, CNN-RNN, CNN-LSTM and CNN-GRU with its topologies, network parameters and network structures is used. The models in each experiment are run up to 1000 epochs with learning rate in the range [0.01-05]. CNN and its variant architectures have significantly performed well in comparison to the classical machine learning classifiers. This is mainly due to the reason that CNN have capability to extract high level feature representations that represents the abstract form of low level feature sets of network traffic connections.
Cite this Research Publication : R. Vinayakumar, Dr. Soman K. P., and Poornachandran, P., “Applying Convolutional Neural Network for Network Intrusion Detection”, in 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), 2017.