Approach to Improving the Performance of Network Intrusion Detection by Initializing and Updating the Weights of Deep Learning

  • Received : 2020.11.06
  • Accepted : 2020.12.10
  • Published : 2020.12.31

Abstract

Since the Internet became popular, systems and networks have been subject to hacking and attacks, and as attack techniques have evolved day by day they have placed risks and burdens on companies and society. To alleviate that risk and burden, hacking and attacks must be detected early and responded to appropriately, which first requires increasing the reliability of network intrusion detection. This study applied weight initialization and weight optimization to the KDD'99 dataset to improve the accuracy of network intrusion detection. For weight initialization, experiments showed that initialization methods related to the weight learning structure, such as the Xavier and He methods, affect accuracy. For weight optimization, experiments on the network intrusion detection dataset confirmed that the Adam algorithm stands out in terms of accuracy; Adam combines the advantages of Momentum, which reflects the previous change, and RMSProp, which allows the current weight to be reflected in the learning rate.
