KNOM Review

The Korean Institute of Commucations and Information Sciences (한국통신학회)
권호 표지
DOI QR코드

DOI QR Code

Stacked Sparse Autoencoder-DeepCNN Model Trained on CICIDS2017 Dataset for Network Intrusion Detection

네트워크 침입 탐지를 위해 CICIDS2017 데이터셋으로 학습한 Stacked Sparse Autoencoder-DeepCNN 모델

  • Lee, Jong-Hwa (Dept. of Computer Science, Kangwon National Univ) ;
  • Kim, Jong-Wouk (IGP. in Medical Bigdata Convergence, Kangwon National Univ.) ;
  • Choi, Mi-Jung (Dept. of Computer Science, Kangwon National Univ)
  • Received : 2021.10.15
  • Accepted : 2021.12.01
  • Published : 2021.12.31
⟨ Previous Next ⟩

Abstract

Service providers using edge computing provide a high level of service. As a result, devices store important information in inner storage and have become a target of the latest cyberattacks, which are more difficult to detect. Although experts use a security system such as intrusion detection systems, the existing intrusion systems have low detection accuracy. Therefore, in this paper, we proposed a machine learning model for more accurate intrusion detections of devices in edge computing. The proposed model is a hybrid model that combines a stacked sparse autoencoder (SSAE) and a convolutional neural network (CNN) to extract important feature vectors from the input data using sparsity constraints. To find the optimal model, we compared and analyzed the performance as adjusting the sparsity coefficient of SSAE. As a result, the model showed the highest accuracy as a 96.9% using the sparsity constraints. Therefore, the model showed the highest performance when model trains only important features.

엣지 컴퓨팅을 사용하는 서비스 공급업체는 높은 수준의 서비스를 제공한다. 이에 따라 다양하고 중요한 정보들이 단말 장치에 저장되면서 탐지하기 더욱 어려운 최신 사이버 공격의 핵심 목표가 됐다. 보안을 위해 침입 탐지시스템과 같은 보안 시스템이 자주 활용되지만, 기존의 침입 탐지 시스템은 탐지 정확도가 낮은 문제점이 존재한다. 따라서 본 논문에서는 엣지 컴퓨팅에서 단말 장치의 더욱 정확한 침입 탐지를 위한 기계 학습 모델을 제안한다. 제안하는 모델은 희소성 제약을 사용하여 입력 데이터의 중요한 특징 벡터들을 추출하는 stacked sparse autoencoder (SSAE)와 convolutional neural network (CNN)를 결합한 하이브리드 모델이다. 최적의 모델을 찾기 위해 SSAE의 희소성 계수를 조절하면서 모델의 성능을 비교 및 분석했다. 그 결과 희소성 계수가 일 때 96.9%로 가장 높은 정확도를 보여주었다. 따라서 모델이 중요한 특징들만 학습할 경우 더 높은 성능을 얻을 수 있었다.

Keywords

Acknowledgement

본 연구는 2020년도 정부(과학기술정보통신부)의 재원으로 한국연구재단의 지원을 받아 수행된 기초연구사업임.(NRF-2020R1A2C1012117).

References

  1. Jiale Zhang, Bing Chen, Yanchao Zhao, Xiang Cheng and Feng Hu, "Data security and privacy-preserving in edge computing paradigm: survey and open issues," Journal of IEEE Access, Vol. 6, pp. 18209-18237, Mar. 2018. https://doi.org/10.1109/ACCESS.2018.2820162
  2. Sydney Mambwe Kasongo and Yanxia Sun, "A deep learning method wih filter based feature engineering for wireless intrusion detection system," Journal of IEEE Access, Vol. 7, pp. 38597-38607, Mar. 2019. https://doi.org/10.1109/ACCESS.2019.2905633
  3. Iftikhar Ahmad, Mohammad Basheri, Muhammad Javed Iqbal and Aneel Rahim, "Performance comparison of support vector machine, random forest, and extreme learning machine for intrusion detection," Journal of IEEE Access, Vol. 6, pp. 33789-33795, May 2018. https://doi.org/10.1109/ACCESS.2018.2841987
  4. Jesper Van Engelen and Holger Hoos, "A survey on semi-supervised learning," Journal of Machine Learning, Vol. 109, No. 2, pp. 373-440, Nov. 2019.
  5. GwiHoon Kim and YongGeun Hong, "Machine learning technology trends in the network," Journal of The Korean Institute of Communication Sciences, Vol. 34, No. 10, pp. 38-44, Sept. 2017.
  6. Ziadoon Kamil Maseer, Robiah Yusof Nazrulazhar Bahaman, Salama A. Mostafa and Cik Feresa Mohd Foozy, "Benchmarking of machine learning for anomaly based intrusion detection systems in the CICIDS2017 dataset," Journal of IEEE Access, Vol 9, pp. 22351-22370, Feb. 2021. https://doi.org/10.1109/ACCESS.2021.3056614
  7. Imtiaz Ullah and Qusay mahmoud, "A two-level hybrid model for anomalous acitivity detection in iot networks," In Proc. of 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, USA, pp. 1-6, Jan. 2019.
  8. Arif Yulianto, Parman Sukarno, and Novian Anggis Suwastika, "Improving adaboost-based intrusion detection system (IDS) performance on CICIDS2017 dataset," Journal of Physics: Conference Series, Vol. 1192, No. 1, p. 012018, 2019.
  9. Prachiti Parkar and Ansh Bilimoria, "A survey on cyber security IDS using ML methods," In Proc. of 5th International Conference on Intelligent Computing and Control Systems, Madurai, India, pp.352-360 , May 2021.
  10. Joohwa Lee, JuGeon Pak and Myungsuk Lee, "Network intrusion detection system using feature extraction based on deep sparse autoencoder," In Proc. of 2020 International Conference on information and Communication Technology Convergence, Jeju, South Korea, pp. 21-23, Oct. 2020.
  11. Andrew NG, "Sparse autoencoder," CS294A Lecture notes, Vol. 72, pp. 1-19, 2011.
  12. BingHao Yan and GuoDong Han, "Effective feature extraction via stacked sparse autoencoder to improve intrusion detection system," Journal of IEEE Access, Vol. 6, pp. 41238-41248, July 2018. https://doi.org/10.1109/ACCESS.2018.2858277
  13. Meliboev Azizjon, Alikhanov Jurnabek and Wooseong Kim, "1D CNN based network intrusion detection with normalization on imbalanced data," In Proc. of 2020 International Conference on Artificial Intelligence in Information and Communication, pp. 218-224, Fukuoka, Japan, Apr. 2020.
  14. Peilun Wu and Hui Guo, "LuNet: a deep neural network for network intrusion detection," In Proc. of 2019 IEEE Symposium Series on Computational Intelligence(SSCI), pp. 617-624, Xiamen, China, Dec. 2019.
  15. AeChan Kim, Mohyun Park, and DongHoon Lee, "Ai-ids: application of deep learning to real-time web intrusion detection," Journal of IEEE Access, Vol. 8, pp. 70245-70261, Apr. 2020. https://doi.org/10.1109/ACCESS.2020.2986882
  16. Iman Sharafaldin, Arash habibi Lashkari, and Ali Ghorbani, "Toward generating a new intrusion detection dataset and intrusion traffic characterization," In Proc. of the 4th international Conference on Information Systems Security and Privacy, pp. 108-116, Funchal, Portugal, Jan. 2018.
  17. Jong-Hwa Lee, Jiwwon Bang, Jong-Wouk Kim, and Mi-Jung Choi, "Experimental comparison of network intrusion detection models solving imbalanced data problem," Journal of KNOM Review, Vol. 23, No. 2, pp. 18-28, Dec. 2020.