Abstract
Maintaining network security by preventing attacks is essential for a network intrusion detection system. Machine learning techniques heavily depend on artificial feature extraction and have high complexity. However, autoencoders have shown promising results in reconstructing the input from reduced latent layer features, which can help perform additional tasks such as threat classification. This work analyzes the performance of different autoencoder models. It introduces CAAE-DNN: a feature extraction and classification intrusion detection model based on a convolutional auto-encoder, an attention mechanism, and a deep neural network (DNN). It has also been coupled with correlation-based feature selection to aid feature extraction. Owing to different data distributions, the model’s performance has been evaluated on two parts of the benchmark NSL-KDD dataset: on the data by doing a 90:10 train-test split and on the NSL-KDD Test+ data to check performance in a broader variety of attacks. After feature extraction, we noticed a smooth convergence of the epoch vs loss curve. Analysis with cost-sensitive learning has also been done because of the class imbalance in the dataset. They yield high classification metrics with an accuracy of 79.18% to build an efficient IDS. Finally, the ROC-AUC curves have also been plotted and analyzed to understand the performance with respect to each class of the model.
Similar content being viewed by others
References
Inayat, Z.; Gani, A.; Anuar, N.B.; Khan, M.K.; Anwar, S.: Intrusion response systems: foundations, design, and challenges. J. Netw. Comput. Appl. 62, 53–74 (2016)
Anderson, J.P.: Computer Security Threat Monitoring and Surveillance. Technical Report, James P. Anderson Company (1980)
Gumus, F.; Sakar, C.O.; Erdem, Z.; Kursun, O.: Online naive bayes classification for network intrusion detection. In: 2014 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM 2014), pp. 670–674. IEEE (2014)
Buczak, A.L.; Guven, E.: A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutor. 18(2), 1153–1176 (2015)
Elmasry, W.; Akbulut, A.; Zaim, A.H.: Evolving deep learning architectures for network intrusion detection using a double pso metaheuristic. Comput. Netw. 168, 107042 (2020)
Alagrash, Y.; Drebee, A.; Zirjawi, N.; et al.: Comparing the area of data mining algorithms in network intrusion detection. J. Inf. Secur. 11(01), 1 (2019)
Khammassi, C.; Krichen, S.: A nsga2-lr wrapper approach for feature selection in network intrusion detection. Comput. Netw. 172, 107183 (2020)
Gauthama Raman, M.; Somu, N.; Jagarapu, S.; Manghnani, T.; Selvam, T.; Krithivasan, K.; Shankar Sriram, V.: An efficient intrusion detection technique based on support vector machine and improved binary gravitational search algorithm. Artif. Intell. Rev. 53, 3255–3286 (2020)
Coates, A.; Ng, A.; Lee, H.: An analysis of single-layer networks in unsupervised feature learning. In: Proceedings of the Fourteenth International Conference on Artificial Intelligence and Statistics, pp. 215–223. JMLR Workshop and Conference Proceedings (2011)
Huang, W.; Stokes, J.W.: Mtnet: a multi-task neural network for dynamic malware classification. In: Detection of Intrusions and Malware, and Vulnerability Assessment: 13th International Conference, DIMVA 2016, San Sebastián, Spain, July 7-8, 2016, Proceedings 13, pp. 399–418. Springer (2016)
Vinayakumar, R.; Alazab, M.; Soman, K.; Poornachandran, P.; Al-Nemrat, A.; Venkatraman, S.: Deep learning approach for intelligent intrusion detection system. IEEE Access 7, 41525–41550 (2019)
Ieracitano, C.; Adeel, A.; Morabito, F.C.; Hussain, A.: A novel statistical analysis and autoencoder driven intelligent intrusion detection approach. Neurocomputing 387, 51–62 (2020)
Vinayakumar, R.; Soman, K.; Poornachandran, P.: A comparative analysis of deep learning approaches for network intrusion detection systems (n-idss): deep learning for n-idss. Int. J. Digital Crime Forensics (IJDCF) 11(3), 65–89 (2019)
Dey, S.K.; Rahman, M.M.: Effects of machine learning approach in flow-based anomaly detection on software-defined networking. Symmetry 12(1), 7 (2019)
Elmasry, W.; Akbulut, A.; Zaim, A.H.: Evolving deep learning architectures for network intrusion detection using a double pso metaheuristic. Comput. Netw. 168, 107042 (2020)
Safara, F.; Souri, A.; Serrizadeh, M.: Improved intrusion detection method for communication networks using association rule mining and artificial neural networks. IET Commun. 14(7), 1192–1197 (2020)
Iwendi, C.; Khan, S.; Anajemba, J.H.; Mittal, M.; Alenezi, M.; Alazab, M.: The use of ensemble models for multiple class and binary class classification for improving intrusion detection systems. Sensors 20(9), 2559 (2020)
Mikhail, J.W.; Fossaceca, J.M.; Iammartino, R.: A semi-boosted nested model with sensitivity-based weighted binarization for multi-domain network intrusion detection. ACM Transact. Int. Syst. Technol. (TIST) 10(3), 1–27 (2019)
Kumar, G.: An improved ensemble approach for effective intrusion detection. J. Supercomput. 76(1), 275–291 (2020)
Farnaaz, N.; Jabbar, M.: Random forest modeling for network intrusion detection system. Procedia Comput. Sci. 89, 213–217 (2016)
Nguyen, Q.T.; Tran, K.P.; Castagliola, P.; Huong, T.T.; Nguyen, M.K.; Lardjane, S.: Nested one-class support vector machines for network intrusion detection. In: 2018 IEEE Seventh International Conference on Communications and Electronics (ICCE), pp. 7–12. IEEE (2018)
Priyanshu, A., Shastri, S., Medicherla, S.S.: Arlif-Ids–Attention Augmented Real-Time Isolation Forest Intrusion Detection System. arXiv preprint arXiv:2204.09737 (2022)
Vigneswaran, R.K.; Vinayakumar, R.; Soman, K.; Poornachandran, P.: Evaluating shallow and deep neural networks for network intrusion detection systems in cyber security. In: 2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp. 1–6. IEEE (2018)
Shenfield, A.; Day, D.; Ayesh, A.: Intelligent intrusion detection systems using artificial neural networks. Ict Express 4(2), 95–99 (2018)
Liu, G.; Zhang, J.: Cnid: research of network intrusion detection based on convolutional neural network. Discret. Dyn. Nat. Soc. 2020, 1–11 (2020)
Vinayakumar, R.; Soman, K.; Poornachandran, P.: Evaluation of recurrent neural network and its variants for intrusion detection system (ids). Int. J. Inform. Syst. Modeling Design (IJISMD) 8(3), 43–63 (2017)
Kasongo, S.M.: A deep learning technique for intrusion detection system using a recurrent neural networks based framework. Comput. Commun. 199, 113–125 (2023)
Arafah, M.; Phillips, I.; Adnane, A.: Evaluating the impact of generative adversarial models on the performance of anomaly intrusion detection. IET Netw. 13(1), 28–44 (2024)
Srivastava, A.; Sinha, D.; Kumar, V.: Wcgan-gp based synthetic attack data generation with ga based feature selection for ids. Comput. Secur. 134, 103432 (2023)
Al-Yaseen, W.L.; Idrees, A.K.: Mudela: multi-level deep learning approach for intrusion detection systems. Int. J. Comput. Appl. 45(12), 755–763 (2023)
Chen, Z.; Yeo, C.K.; Lee, B.S.; Lau, C.T.: Autoencoder-based network anomaly detection. In: 2018 Wireless Telecommunications Symposium (WTS), pp. 1–5. IEEE (2018)
Yan, Y.; Qi, L.; Wang, J.; Lin, Y.; Chen, L.: A network intrusion detection method based on stacked autoencoder and lstm. In: ICC 2020-2020 IEEE International Conference on Communications (ICC), pp. 1–6. IEEE (2020)
Tang, C.; Luktarhan, N.; Zhao, Y.: Saae-dnn: Deep learning method on intrusion detection. Symmetry 12(10), 1695 (2020)
Zhou, Z.-H.; Liu, X.-Y.: On multi-class cost-sensitive learning. Comput. Intell. 26(3), 232–257 (2010)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Sivasubramanian, A., Devisetty, M. & Bhavukam, P. Feature Extraction and Anomaly Detection Using Different Autoencoders for Modeling Intrusion Detection Systems. Arab J Sci Eng (2024). https://doi.org/10.1007/s13369-024-08951-5
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s13369-024-08951-5