Feature Extraction and Anomaly Detection Using Different Autoencoders for Modeling Intrusion Detection Systems

  • Research Article-Computer Engineering and Computer Science
Arabian Journal for Science and Engineering

Abstract

Maintaining network security by preventing attacks is essential for a network intrusion detection system. Machine learning techniques depend heavily on artificial feature extraction and have high complexity. However, autoencoders have shown promising results in reconstructing the input from reduced latent layer features, which can help perform additional tasks such as threat classification. This work analyzes the performance of different autoencoder models. It introduces CAAE-DNN: a feature extraction and classification intrusion detection model based on a convolutional autoencoder, an attention mechanism, and a deep neural network (DNN). It has also been coupled with correlation-based feature selection to aid feature extraction. Owing to different data distributions, the model's performance has been evaluated on two parts of the benchmark NSL-KDD dataset: on a 90:10 train-test split of the data, and on the NSL-KDD Test+ data to check performance on a broader variety of attacks. After feature extraction, we noticed a smooth convergence of the epoch-vs-loss curve. Analysis with cost-sensitive learning has also been done because of the class imbalance in the dataset. The models yield high classification metrics, with an accuracy of 79.18%, for building an efficient IDS. Finally, the ROC-AUC curves have also been plotted and analyzed to understand the model's performance with respect to each class.

Correspondence to Premjith Bhavukam.

Cite this article

Sivasubramanian, A., Devisetty, M. & Bhavukam, P. Feature Extraction and Anomaly Detection Using Different Autoencoders for Modeling Intrusion Detection Systems. Arab J Sci Eng (2024). https://doi.org/10.1007/s13369-024-08951-5

  • DOI: https://doi.org/10.1007/s13369-024-08951-5
