Volume 26, Issue 4


Intrusion Detection System Using Voting-Based Neural Network

Mohammad Hashem Haghighat, Jun Li
Department of Automation, Tsinghua University, Beijing 100084, China.

Abstract

Several security solutions have been proposed to detect abnormal network behavior. However, successful attacks are still a big concern in the computing community. Many security breaches, such as Distributed Denial of Service (DDoS), botnets, spam, and phishing, are reported every day, and the number of attacks is still increasing. In this paper, a novel voting-based deep learning framework, called VNN, is proposed to take advantage of any kind of deep learning structure. Considering several models created from different aspects of the data and various deep learning structures, VNN provides the ability to aggregate the best models in order to produce more accurate and robust results. Therefore, VNN helps security specialists detect more complicated attacks. Experimental results over KDDCUP’99 and CTU-13, two well-known and widely employed datasets in the computer network area, revealed that the voting procedure was highly effective in increasing system performance: false alarms were reduced by up to 75% in comparison with the original deep learning models, including Deep Neural Network (DNN), Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), and Gated Recurrent Unit (GRU).

Keywords: deep learning, Voting-based Neural Network (VNN), network security, Pearson correlation coefficient


Publication history

Received: 24 March 2020
Revised: 02 July 2020
Accepted: 10 July 2020
Published: 04 January 2021
Issue date: August 2021

Copyright

© The author(s) 2021

Acknowledgements

This work was supported by the National Natural Science Foundation of China (No. 61872212) and the National Key Research and Development Program of China (No. 2016YFB1000102).

Rights and permissions

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).
