A Deep Learning Approach for Intrusion Detection

  • Roua Dhahbi (Higher Institute of Computer Science and Telecom (ISITCOM), University of Sousse)
  • Farah Jemili (MARS Research Lab LR17ES05, Higher Institute of Computer Science and Telecom (ISITCOM), University of Sousse)
  • Received : 2023.10.05
  • Published : 2023.10.30

Abstract

Intrusion detection has been widely studied in both industry and academia, but cybersecurity analysts always want more accuracy and global threat analysis to secure their systems in cyberspace. Big data is a major challenge for intrusion detection systems, because such a large volume of data is hard to monitor and analyze using traditional techniques. Recently, deep learning has emerged as a new approach that enables the use of big data with a low training time and a high accuracy rate. In this paper, we propose an IDS approach based on cloud computing and the integration of big data and deep learning techniques to detect different attacks as early as possible. To demonstrate the efficacy of this system, we implement it within the Microsoft Azure cloud, which provides both processing power and storage capabilities, using a convolutional neural network (CNN-IDS) with the distributed computing environment Apache Spark, integrated with the Keras deep learning library. We study the performance of the model in two categories of classification (binary and multiclass) using the CSE-CIC-IDS2018 dataset. Our system showed great performance due to the integration of the deep learning technique and the Apache Spark engine.
