Intrusion detection method based on a deep convolutional neural network
ZHANG Sicong¹, XIE Xiaoyao², XU Yang²
¹ School of Computer Science and Technology, Guizhou University, Guiyang 550025, China; ² Key Laboratory of Information and Computing Science of Guizhou Province, Guizhou Normal University, Guiyang 550001, China
Abstract: This paper presents an intrusion detection method based on a deep convolutional neural network (dCNN) to improve the detection accuracy and efficiency of intrusion detection systems. The method uses deep learning to design a deep intrusion detection model that includes the tanh, Dropout, and Softmax algorithms. It first transforms the one-dimensional raw intrusion data into two-dimensional "image" data using data padding. It then uses the dCNN to learn effective features from the data and a Softmax classifier to generate the final detection result. The method was implemented with TensorFlow-GPU and evaluated on an Nvidia GTX 1060 3 GB GPU using the ADFA-LD and NSL-KDD datasets. Tests show that this method has shorter training time, improved detection accuracy, and lower false alarm rates. Thus, this method enhances the real-time processing and detection efficiency of intrusion detection systems.
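The padding step described in the abstract, sketched as an added example that is not the authors' code. It assumes zero right-padding into the smallest square that fits, row-major layout, and truncation of over-long traces, none of which the abstract specifies; all function names and sample records are constructed for illustration.

```python
import math

PAD = 0  # assumption: padding value; the abstract does not state one


def side_for(length):
    """Smallest square side whose area can hold `length` values."""
    return math.isqrt(length - 1) + 1 if length > 0 else 1


def to_image(record, side=None, pad=PAD):
    """Pad (or truncate) a 1-D record and reshape it row-major to side x side."""
    values = list(record)
    if side is None:
        side = side_for(len(values))
    area = side * side
    values = values[:area]                   # over-long traces are cut off
    values += [pad] * (area - len(values))   # short records are right-padded
    return [values[r * side:(r + 1) * side] for r in range(side)]


def padding_mask(length, side):
    """1 where a cell holds real data, 0 where it is padding.

    Useful when the pad value can also occur as a real value
    (0 is a valid feature value and a valid syscall number).
    """
    return to_image([1] * min(length, side * side), side, pad=0)


def batch_to_images(records, side=None):
    """Give every record in a batch one common shape, as a CNN input needs."""
    if side is None:
        side = side_for(max(len(r) for r in records))
    return [to_image(r, side) for r in records]


# Constructed sample: a 41-value vector (NSL-KDD records have 41 features).
nsl_like = list(range(1, 42))
# Constructed samples: variable-length syscall traces (ADFA-LD style).
traces = [[3, 4, 5], [6, 6, 6, 6, 6, 6, 6, 6, 6, 6]]

if __name__ == "__main__":
    for row in to_image(nsl_like):
        print(row)
    print(batch_to_images(traces))
```
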