A deep learning method to detect network intrusion through flow-based features

Pektas A., ACARMAN T.

INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT, vol.29, no.3, 2019 (Journal Indexed in SCI) identifier identifier

  • Publication Type: Article / Article
  • Volume: 29 Issue: 3
  • Publication Date: 2019
  • Doi Number: 10.1002/nem.2050


In this paper, we present a deep neural network model to enhance the intrusion detection performance. A deep learning architecture combining convolution neural network and long short-term memory learns spatial-temporal features of network flows automatically. Flow features are extracted from raw network traffic captures, flows are grouped, and the consecutive N flow records are transformed into a two-dimensional array like an image. These constructed two-dimensional feature vectors are normalized and forwarded to the deep learning model. Transformation of flow information assures deep learning in a computationally efficient manner. Overall, convolution neural network learns spatial features, and long short-term memory learns temporal features from a sequence of network raw data packets. To maximize the detection performance of the deep neural network and to reach at the highest statistical metric values, we apply the tree-structured Parzen estimator seeking the optimum parameters in the parameter hyper-plane. Furthermore, we investigate the impact of flow status interval, flow window size, convolution filter size, and long short-term memory units to the detection performance in terms of level in statistical metric values. The presented flow-based intrusion method outperforms other publicly available methods, and it detects abnormal traffic with 99.09% accuracy and 0.0227 false alarm rate.