A deep learning method to detect network intrusion through flow-based features


Pektas A., ACARMAN T.

INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT, vol.29, no.3, 2019 (SCI-Expanded)

  • Publication Type: Article / Full Article
  • Volume: 29 Issue: 3
  • Publication Date: 2019
  • DOI: 10.1002/nem.2050
  • Journal Name: INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus
  • Galatasaray University Affiliated: Yes

Abstract

In this paper, we present a deep neural network model to enhance intrusion detection performance. A deep learning architecture combining a convolutional neural network and long short-term memory learns spatial-temporal features of network flows automatically. Flow features are extracted from raw network traffic captures, flows are grouped, and the consecutive N flow records are transformed into a two-dimensional array like an image. These constructed two-dimensional feature vectors are normalized and forwarded to the deep learning model. Transformation of flow information assures deep learning in a computationally efficient manner. Overall, the convolutional neural network learns spatial features, and the long short-term memory learns temporal features from a sequence of raw network data packets. To maximize the detection performance of the deep neural network and to reach the highest statistical metric values, we apply the tree-structured Parzen estimator to seek the optimum parameters in the parameter hyper-plane. Furthermore, we investigate the impact of flow status interval, flow window size, convolution filter size, and long short-term memory units on the detection performance in terms of statistical metric values. The presented flow-based intrusion method outperforms other publicly available methods, and it detects abnormal traffic with 99.09% accuracy and 0.0227 false alarm rate.