Computer Science and Information Systems 2022 Volume 19, Issue 1, Pages: 309-326
https://doi.org/10.2298/CSIS210617055X
Full text ( 753 KB)
Cited by
RICNN: A ResNet&Inception convolutional neural network for intrusion detection of abnormal traffic
Xia Benhui (College of Information Engineering, Shanghai Maritime University Shanghai, China), [email protected]
Han Dezhi (College of Information Engineering, Shanghai Maritime University Shanghai, China), [email protected]
Yin Ximing (The Third Research Institute of Ministry of Public Security Shanghai, China)
Na Gao (College of Information Engineering, Shanghai Maritime University Shanghai, China)
To secure cloud computing and outsourced data while meeting the requirements of automation, many intrusion detection schemes based on deep learning are proposed. Though the detection rate of many network intrusion detection solutions can be quite high nowadays, their identification accuracy on imbalanced abnormal network traffic still remains low. Therefore, this paper proposes a ResNet &Inception-based convolutional neural network (RICNN) model to abnormal traffic classification. RICNN can learn more traffic features through the Inception unit, and the degradation problem of the network is eliminated through the direct mapping unit of ResNet, thus the improvement of the model’s generalization ability can be achievable. In addition, to simplify the network, an improved version of RICNN, which makes it possible to reduce the number of parameters that need to be learnt without degrading identification accuracy, is also proposed in this paper. The experimental results on the dataset CICIDS2017 show that RICNN not only achieves an overall accuracy of 99.386% but also has a high detection rate across different categories, especially for small samples. The comparison experiments show that the recognition rate of RICNN outperforms a variety of CNN models and RNN models, and the best detection accuracy can be achieved.
Keywords: Intrusion Detection, ResNet, Inception, CNN, Traffic Classification, Imbalanced Samples
Show references
Han, D., Pan, N., Li, K.C.: A traceable and revocable ciphertext-policy attribute-based encryption scheme based on privacy protection. IEEE Transactions on Dependable and Secure Computing pp. 1-1 (2020)
Cui, M., Han, D., Wang, J.: An efficient and safe road condition monitoring authentication scheme based on fog computing. IEEE Internet of Things Journal 6(5), 9076-9084 (2019)
Cui, M., Han, D., Wang, J., Li, K.C., Chang, C.C.: Arfv: An efficient shared data auditing scheme supporting revocation for fog-assisted vehicular ad-hoc networks. IEEE Transactions on Vehicular Technology 69(12), 15815-15827 (2020)
Xiao, T., Han, D., He, J., Li, K.C., de Mello, R.F.: Multi-keyword ranked search based on mapping set matching in cloud ciphertext storage system. Connection Science 33(1), 95-112 (2021)
Tian, Q., Han, D., Jiang, Y.: Hierarchical authority based weighted attribute encryption scheme. Computer Science and Information Systems 16(3), 797-813 (2019)
Kilincer, I.F., Ertam, F., Sengur, A.: Machine learning methods for cyber security intrusion detection: Datasets and comparative study. Computer Networks 188, 107840 (2021)
Liu, H., Han, D., Li, D.: Behavior analysis and blockchain based trust management in vanets. Journal of Parallel and Distributed Computing 151, 61-69 (2021)
Tian, Q., Han, D., Li, K., Liu, X., Duan, L., Castiglione, A.: An intrusion detection approach based on improved deep belief network. Applied Intelligence 50(10), 3162-3178 (2020)
Xu, J., Han, D., Li, K., Jiang, H.: A k-means algorithm based on characteristics of density applied to network intrusion detection. Computer Science and Information Systems 17(2), 665- 687 (2020)
Sharafaldin., I., Habibi Lashkari., A., Ghorbani., A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy - ICISSP,. pp. 108-116. INSTICC, SciTePress (2018)
Zhang, Y., Chen, X., Jin, L., Wang, X., Guo, D.: Network intrusion detection: Based on deep hierarchical network and original flow data. IEEE Access 7, 37004-37016 (2019)
Jiang, K.,Wang,W.,Wang, A.,Wu, H.: Network intrusion detection combined hybrid sampling with deep hierarchical network. IEEE Access 8, 32464-32476 (2020)
Japkowicz, N., Stephen, S.: The class imbalance problem: A systematic study. Intelligent data analysis 6(5), 429-449 (2002)
Bailey-Lee, C., Roedel, C., Silenok, E.: Detection and characterization of port scan attacks. Univeristy of California, Department of Computer Science and Engineering pp. 1-7 (2003)
Bhuyan, M.H., Kashyap, H.J., Bhattacharyya, D.K., Kalita, J.K.: Detecting distributed denial of service attacks: Methods, tools and future directions. The Computer Journal 57(4), 537-556 (2014)
Zhao, G., Xu, K., Xu, L.,Wu, B.: Detecting apt malware infections based on malicious dns and traffic analysis. IEEE Access 3, 1132-1142 (2015)
Wang, W., Zhu, M., Zeng, X., Ye, X., Sheng, Y.: Malware traffic classification using convolutional neural network for representation learning. In: 2017 International Conference on Information Networking (ICOIN). pp. 712-717 (2017)
Maseer, Z.K., Yusof, R., Bahaman, N., Mostafa, S.A., Foozy, C.F.M.: Benchmarking of machine learning for anomaly based intrusion detection systems in the cicids2017 dataset. IEEE Access 9, 22351-22370 (2021)
He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR) (June 2016)
Szegedy, C., Liu, W., Jia, Y., Sermanet, P., Reed, S., Anguelov, D., Erhan, D., Vanhoucke, V., Rabinovich, A.: Going deeper with convolutions. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR) (June 2016)
Mar´ın, G., Caasas, P., Capdehourat, G.: Deepmal-deep learning models for malware traffic detection and classification. In: Data Science-Analytics and Applications, pp. 105-112. Springer (2021)
Ran, J., Chen, Y., Li, S.: Three-dimensional convolutional neural network based traffic classification for wireless communications. In: 2018 IEEE Global Conference on Signal and Information Processing (GlobalSIP). pp. 624-627 (2018)
Lim, H.K., Kim, J.B., Heo, J.S., Kim, K., Hong, Y.G., Han, Y.H.: Packet-based network traffic classification using deep learning. In: 2019 International Conference on Artificial Intelligence in Information and Communication (ICAIIC). pp. 046-051 (2019)
Wang, W., Zhu, M., Wang, J., Zeng, X., Yang, Z.: End-to-end encrypted traffic classification with one-dimensional convolution neural networks. In: 2017 IEEE International Conference on Intelligence and Security Informatics (ISI). pp. 43-48 (2017)
Zhang, Y., Chen, X., Guo, D., Song, M., Teng, Y.,Wang, X.: Pccn: Parallel cross convolutional neural network for abnormal network traffic flows detection in multi-class imbalanced network traffic flows. IEEE Access 7, 119904-119916 (2019)
Yujie, P., Weina, N., Xiaosong, Z., Jie, Z., Wu, H., Ruidong, C.: End-to-end android malware classification based on pure traffic images. In: 2020 17th International Computer Conference on Wavelet Active Media Technology and Information Processing (ICCWAMTIP). pp. 240-245 (2020)
Ho, S., Jufout, S.A., Dajani, K., Mozumdar, M.: A novel intrusion detection model for detecting known and innovative cyberattacks using convolutional neural network. IEEE Open Journal of the Computer Society 2, 14-25 (2021)
Lopez-Martin, M., Carro, B., Sanchez-Esguevillas, A., Lloret, J.: Network traffic classifier with convolutional and recurrent neural networks for internet of things. IEEE Access 5, 18042- 18050 (2017)
Roopak, M., Yun Tian, G., Chambers, J.: Deep learning models for cyber security in iot networks. In: 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC). pp. 0452-0457 (2019)
Feng, J., Shen, L., Chen, Z., Wang, Y., Li, H.: A two-layer deep learning method for android malware detection using network traffic. IEEE Access 8, 125786-125796 (2020)
Khan, M.A., Karim, M.R., Kim, Y.: A scalable and hybrid intrusion detection system based on the convolutional-lstm network. Symmetry 11(4) (2019)
Shiravi, A., Shiravi, H., Tavallaee, M., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Computers & Security 31(3), 357-374 (2012)
Sun, P., Liu, P., Li, Q., Liu, C., Lu, X., Hao, R., Chen, J.: Dl-ids: Extracting features using cnnlstm hybrid network for intrusion detection system. Security and Communication Networks 2020 (2020)
Wang, M., Zheng, K., Luo, D., Yang, Y., Wang, X.: An encrypted traffic classification framework based on convolutional neural networks and stacked autoencoders. In: 2020 IEEE 6th International Conference on Computer and Communications (ICCC). pp. 634-641 (2020)
Zhang, W., Wang, J., Chen, S., Qi, H., Li, K.: A framework for resource-aware online traffic classification using cnn. In: Proceedings of the 14th International Conference on Future Internet Technologies. CFI’19, Association for Computing Machinery, New York, NY, USA (2019)
Zhang, C., Chen, Y., Meng, Y., Ruan, F., Chen, R., Li, Y., Yang, Y.: A novel framework design of network intrusion detection based on machine learning techniques. Security and Communication Networks 2021 (2021)
NETRESEC: Splitcap (2010), https://www.netresec.com/index.ashx?page= SplitCap
Chen, Z., He, K., Li, J., Geng, Y.: Seq2img: A sequence-to-image based approach towards ip traffic classification using convolutional neural networks. In: 2017 IEEE International Conference on Big Data (Big Data). pp. 1271-1276 (2017)
Gu, J., Wang, Z., Kuen, J., Ma, L., Shahroudy, A., Shuai, B., Liu, T., Wang, X., Wang, G., Cai, J., Chen, T.: Recent advances in convolutional neural networks. Pattern Recognition 77, 354-377 (2018)
Ioffe, S., Szegedy, C.: Batch normalization: Accelerating deep network training by reducing internal covariate shift. In: Bach, F., Blei, D. (eds.) Proceedings of the 32nd International Conference on Machine Learning. Proceedings of Machine Learning Research, vol. 37, pp. 448-456. PMLR, Lille, France (07-09 Jul 2015)
Azzouni, A., Pujolle, G.: A long short-term memory recurrent neural network framework for network traffic matrix prediction. arXiv preprint arXiv:1705.05690 (2017)
Yuan, X., Li, C., Li, X.: Deepdefense: Identifying ddos attack via deep learning. In: 2017 IEEE International Conference on Smart Computing (SMARTCOMP). pp. 1-8 (2017)
Hwang, R.H., Peng, M.C., Nguyen, V.L., Chang, Y.L.: An lstm-based deep learning approach for classifying malicious traffic at the packet level. Applied Sciences 9(16) (2019)
Kim, A., Park, M., Lee, D.H.: Ai-ids: Application of deep learning to real-time web intrusion detection. IEEE Access 8, 70245-70261 (2020)