research-article

RANet: : Network intrusion detection with group-gating convolutional neural network

Authors:

Xiaoqing Zhang,

Wei SheAuthors Info & Claims

Volume 198, Issue C

https://doi.org/10.1016/j.jnca.2021.103266

Published: 01 February 2022 Publication History

Abstract

With the rapid increase of human activities in cyberspace, various network intrusions are tended to be frequent and hidden. Network intrusion detection (NID) has attracted more and more attention from industrial and academic fields. Over the years, researchers have developed artificial intelligence methods to tackle them. However, most existing methods are usually not feasible and sustainable when faced with the demands of current NID systems. To alleviate this problem, this paper proposes a novel convolutional neural network (CNN) named RANet for NID automatically. In RANet, we not only introduce a Group-Gating module but also apply the overlapping method to the last max-pooling layer. Based on the hyper-parameter settings of our RANet, a lot of performance comparison experiments are conducted. The results demonstrate that RANet achieves better NID performance than strong baselines and existing state-of-the-art methods on five publicly available NID benchmarks. For example, the RANet improves accuracy with approximately 5.3% on NSL-KDD T e s t − 21 dataset through comparisons to state-of-the-art baselines. Moreover, the results of RANet also indicate that it has the great potential or use in current NID systems.

References

[1]

Aceto G., Ciuonzo D., Montieri A., Pescapè A., MIMETIC: Mobile encrypted traffic classification using multimodal deep learning, Comput. Netw. 165 (2019).

Digital Library

[2]

Aceto G., Ciuonzo D., Montieri A., Pescapé A., Mobile encrypted traffic classification using deep learning: Experimental evaluation, lessons learned, and challenges, IEEE Trans. Netw. Serv. Manag. 16 (2) (2019) 445–458.

[3]

Agarap A.F.M., A neural network architecture combining gated recurrent unit (GRU) and support vector machine (SVM) for intrusion detection in network traffic data, in: Proceedings of the 2018 10th International Conference on Machine Learning and Computing, ACM, 2018, pp. 26–30.

[4]

Aksu D., Aydin M.A., Detecting port scan attempts with comparative analysis of deep learning and support vector machine algorithms, in: 2018 International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT), IEEE, 2018, pp. 77–80.

[5]

Al-Yaseen W.L., Othman Z.A., Nazri M.Z.A., Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system, Expert Syst. Appl. 67 (2017) 296–303,.

Digital Library

[6]

Aliakbarisani R., Ghasemi A., Wu S.F., A data-driven metric learning-based scheme for unsupervised network anomaly detection, Comput. Electr. Eng. 73 (2019) 71–83.

[7]

Alrawashdeh K., Purdy C., Toward an online anomaly intrusion detection system based on deep learning, in: 2016 15th IEEE International Conference on Machine Learning and Applications (ICMLA), IEEE, 2016, pp. 195–200,.

[8]

Ambusaidi M.A., He X., Nanda P., Tan Z., Building an intrusion detection system using a filter-based feature selection algorithm, IEEE Trans. Comput. 65 (10) (2016) 2986–2998,.

Digital Library

[9]

Chawla A., Lee B., Fallon S., Jacob P., Host based intrusion detection system with combined CNN/RNN model, in: Joint European Conference on Machine Learning and Knowledge Discovery in Databases, Springer, 2018, pp. 149–158.

[10]

Collobert R., Weston J., A unified architecture for natural language processing: Deep neural networks with multitask learning, in: Proceedings of the 25th International Conference on Machine Learning, ACM, 2008, pp. 160–167,.

Digital Library

[11]

Collobert R., Weston J., Bottou L., Karlen M., Kavukcuoglu K., Kuksa P., Natural language processing (almost) from scratch, J. Mach. Learn. Res. 12 (Aug) (2011) 2493–2537.

[12]

Cui J., Long J., Min E., Liu Q., Li Q., Comparative study of CNN and RNN for deep learning based intrusion detection system, in: International Conference on Cloud Computing and Security, Springer, 2018, pp. 159–170.

[13]

Dauphin Y.N., Fan A., Auli M., Grangier D., Language modeling with gated convolutional networks, in: Proceedings of the 34th International Conference on Machine Learning-Volume 70, JMLR. org, 2017, pp. 933–941.

[14]

Ferrag M.A., Maglaras L., Moschoyiannis S., Janicke H., Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study, J. Inf. Secur. Appl. 50 (2020).

Digital Library

[15]

Garg S., Singh R., Obaidat M.S., Bhalla V.K., Sharma B., Statistical vertical reduction-based data abridging technique for big network traffic dataset, Int. J. Commun. Syst. 33 (4) (2020).

[16]

Hacibeyoğlu M., Karlik B., et al., Design of multilevel hybrid classifier with variant feature sets for intrusion detection system, IEICE Trans. Inf. Syst. 99 (7) (2016) 1810–1821,.

[17]

Hasan M.A.M., Nasser M., Pal B., Ahmad S., Support vector machine and random forest modeling for intrusion detection system (IDS), J. Intell. Learn. Syst. Appl. 6 (01) (2014) 45,.

[18]

Howard A.G., Zhu M., Chen B., Kalenichenko D., Wang W., Weyand T., Andreetto M., Adam H., Mobilenets: Efficient convolutional neural networks for mobile vision applications, 2017, arXiv preprint arXiv:1704.04861.

[19]

Hua B.-S., Tran M.-K., Yeung S.-K., Pointwise convolutional neural networks, in: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, 2018, pp. 984–993,.

[20]

Ingre B., Yadav A., Performance analysis of NSL-KDD dataset using ANN, in: 2015 International Conference on Signal Processing and Communication Engineering Systems, IEEE, 2015, pp. 92–96,.

[21]

Ioffe S., Szegedy C., Batch normalization: Accelerating deep network training by reducing internal covariate shift, 2015, pp. 448–456. URL http://jmlr.org/proceedings/papers/v37/ioffe15.pdf.

[22]

Kalchbrenner N., Grefenstette E., Blunsom P., A convolutional neural network for modelling sentences, 2014,. arXiv preprint arXiv:1404.2188.

[23]

Khammassi C., Krichen S., A GA-LR wrapper approach for feature selection in network intrusion detection, Comput. Secur. 70 (2017) 255–277,.

[24]

Kim J., Shin N., Jo S.Y., Kim S.H., Method of intrusion detection using deep neural network, in: 2017 IEEE International Conference on Big Data and Smart Computing (BigComp), IEEE, 2017, pp. 313–316,.

[25]

Kingma D.P., Ba J., Adam: A method for stochastic optimization, 2014, arXiv preprint arXiv:1412.6980.

[26]

Krause J., Jin H., Yang J., Fei-Fei L., Fine-grained recognition without part annotations, in: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, 2015, pp. 5546–5555,.

[27]

Krizhevsky A., Sutskever I., Hinton G.E., Imagenet classification with deep convolutional neural networks, in: Advances in Neural Information Processing Systems, 2012, pp. 1097–1105,.

Digital Library

[28]

Li Z., Qin Z., Huang K., Yang X., Ye S., Intrusion detection using convolutional neural networks for representation learning, in: International Conference on Neural Information Processing, Springer, 2017, pp. 858–866.

[29]

Li Y., Xu Y., Liu Z., Hou H., Zheng Y., Xin Y., Zhao Y., Cui L., Robust detection for network intrusion of industrial IoT based on multi-CNN fusion, Measurement 154 (2020),. URL http://www.sciencedirect.com/science/article/pii/S026322411931317X.

[30]

Lin, S.Z., Shi, Y., Xue, Z., 2018. Character-level intrusion detection based on convolutional neural networks. In: 2018 International Joint Conference on Neural Networks (IJCNN), pp. 1–8.

[31]

Liu H., Lang B., Liu M., Yan H., CNN and RNN based payload classification methods for attack detection, Knowl.-Based Syst. 163 (2019) 332–341,. URL http://www.sciencedirect.com/science/article/pii/S0950705118304325.

[32]

Malaiya R.K., Kwon D., Kim J., Suh S.C., Kim H., Kim I., An empirical evaluation of deep learning for network anomaly detection, in: 2018 International Conference on Computing, Networking and Communications (ICNC), IEEE, 2018, pp. 893–898.

[33]

Moustafa, N., Slay, J., 2015. Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set). In: 2015 Military Communications and Information Systems Conference (MilCIS), pp. 1–6.

[34]

Moustafa N., Slay J., Creech G., Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks, IEEE Trans. Big Data 5 (4) (2019) 481–494.

[35]

Papamartzivanos D., Mármol F.G., Kambourakis G., Dendron: Genetic trees driven rule induction for network intrusion detection systems, Future Gener. Comput. Syst. 79 (2018) 558–574,.

Digital Library

[36]

Parsaei M.R., Rostami S.M., Javidan R., A hybrid data mining approach for intrusion detection on imbalanced NSL-KDD dataset, Int. J. Adv. Comput. Sci. Appl. 7 (6) (2016) 20–25,.

[37]

Ramaiah M., Chandrasekaran V., Ravi V., Kumar N., An intrusion detection system using optimized deep neural network architecture, Trans. Emerg. Telecommun. Technol. 32 (4) (2021).

[38]

Ravi V., Alazab M., Srinivasan S., Arunachalam A., Soman K., Adversarial defense: DGA-based botnets and DNS homographs detection through integrated deep learning, IEEE Trans. Eng. Manage. (2021).

[39]

Sharafaldin I., Lashkari A.H., Ghorbani A.A., Toward generating a new intrusion detection dataset and intrusion traffic characterization, ICISSp 1 (2018) 108–116.

[40]

Shone N., Ngoc T.N., Phai V.D., Shi Q., A deep learning approach to network intrusion detection, IEEE Trans. Emerg. Top. Comput. Intell. 2 (1) (2018) 41–50,.

[41]

Simonyan K., Zisserman A., Very deep convolutional networks for large-scale image recognition, 2014, arXiv preprint arXiv:1409.1556.

[42]

Singh R., Kumar H., Singla R., An intrusion detection system using network traffic profiling and online sequential extreme learning machine, Expert Syst. Appl. 42 (22) (2015) 8609–8624,.

Digital Library

[43]

Song Y., Hu J., Large-scale group decision making with multiple stakeholders based on probabilistic linguistic preference relation, Appl. Soft Comput. 80 (2019) 712–722,.

Digital Library

[44]

Song J., Takakura H., Okabe Y., Description of kyoto university benchmark data, 2006, Available at link: http://www.takakura.com/Kyoto_data/BenchmarkData-Description-v5.pdf, [Accessed on 15 March 2016].

[45]

Song J., Takakura H., Okabe Y., Inoue D., Eto M., Nakao K., A comparative study of unsupervised anomaly detection techniques using honeypot data, IEICE Trans. Inf. Syst. E93.D (9) (2010) 2544–2554,.

[46]

Sriram S., Simran K., Vinayakumar R., Akarsh S., Soman K., Towards evaluating the robustness of deep intrusion detection models in adversarial environment, in: International Symposium on Security in Computing and Communication, Springer, 2019, pp. 111–120.

[47]

Sriram S., Vinayakumar R., Alazab M., Soman K., Network flow based IoT botnet attack detection using deep learning, in: IEEE INFOCOM 2020-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), IEEE, 2020, pp. 189–194.

[48]

Srivastava N., Hinton G., Krizhevsky A., Sutskever I., Salakhutdinov R., Dropout: A simple way to prevent neural networks from overfitting, J. Mach. Learn. Res. 15 (56) (2014) 1929–1958. URL http://jmlr.org/papers/v15/srivastava14a.html.

[49]

Szegedy, C., Ioffe, S., Vanhoucke, V., Alemi, A.A., 2017. Inception-v4, inception-resnet and the impact of residual connections on learning. In: Thirty-First AAAI Conference on Artificial Intelligence.

[50]

Szegedy C., Vanhoucke V., Ioffe S., Shlens J., Wojna Z., Rethinking the inception architecture for computer vision, in: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, 2016, pp. 2818–2826,.

[51]

Tavallaee M., Bagheri E., Lu W., Ghorbani A.A., A detailed analysis of the KDD cup 99 data set, in: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, IEEE, 2009, pp. 1–6,.

[52]

Venkatraman S., Alazab M., Vinayakumar R., A hybrid deep learning image-based analysis for effective malware detection, J. Inf. Secur. Appl. 47 (2019) 377–389.

Digital Library

[53]

Vinayakumar R., Alazab M., Soman K., Poornachandran P., Al-Nemrat A., Venkatraman S., Deep learning approach for intelligent intrusion detection system, IEEE Access 7 (2019) 41525–41550.

[54]

Vinayakumar R., Alazab M., Srinivasan S., Pham Q.-V., Padannayil S.K., Simran K., A visualized botnet detection system based deep learning for the internet of things networks of smart cities, IEEE Trans. Ind. Appl. 56 (4) (2020) 4436–4456.

[55]

Vinayakumar R., Soman K., Poornachandran P., Applying convolutional neural network for network intrusion detection, in: 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), IEEE, 2017, pp. 1222–1228.

[56]

Wang L., Lu H., Ruan X., Yang M.-H., Deep networks for saliency detection via local estimation and global search, in: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, 2015, pp. 3183–3192,.

[57]

Wang S.-H., Muhammad K., Hong J., Sangaiah A.K., Zhang Y.-D., Alcoholism identification via convolutional neural network based on parametric ReLU, dropout, and batch normalization, Neural Comput. Appl. 32 (3, SI) (2020) 665–680,.

Digital Library

[58]

Wu P., Guo H., Lunet: A deep neural network for network intrusion detection, 2019, arXiv preprint arXiv:1909.10031.

[59]

Wu Z., Wang J., Hu L., Zhang Z., Wu H., A network intrusion detection method based on semantic re-encoding and deep learning, J. Netw. Comput. Appl. 164 (2020),. URL http://www.sciencedirect.com/science/article/pii/S1084804520301624.

[60]

Xiao Y., Xing C., Zhang T., Zhao Z., An intrusion detection model based on feature reduction and convolutional neural networks, IEEE Access 7 (2019) 42210–42219.

[61]

Xiao T., Xu Y., Yang K., Zhang J., Peng Y., Zhang Z., The application of two-level attention models in deep convolutional neural network for fine-grained image classification, in: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, 2015, pp. 842–850,.

[62]

Yan B., Han G., LA-GRU: Building combined intrusion detection model based on imbalanced learning and gated recurrent unit neural network, Secur. Commun. Netw. 2018 (2018),.

Digital Library

[63]

Yin C., Zhu Y., Fei J., He X., A deep learning approach for intrusion detection using recurrent neural networks, IEEE Access 5 (2017) 21954–21961.

[64]

Yuan Y., Huo L., Hogrefe D., Two layers multi-class detection method for network intrusion detection system, in: 2017 IEEE Symposium on Computers and Communications (ISCC), IEEE, 2017, pp. 767–772,.

[65]

Zhang T., Qi G.-J., Xiao B., Wang J., Interleaved group convolutions, in: Proceedings of the IEEE International Conference on Computer Vision, 2017, pp. 4373–4382,.

[66]

Zhang X., Zhao H., Zhang S., Li R., A novel deep neural network model for multi-label chronic disease prediction, Front. Genet. 10 (2019),.

Cited By

Wang XWang ZWang ESun Z(2024)Spatial-temporal knowledge distillation for lightweight network traffic anomaly detectionComputers and Security10.1016/j.cose.2023.103636137:COnline publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1016/j.cose.2023.103636
Li ZHuang CQiu W(2024)An intrusion detection method combining variational auto-encoder and generative adversarial networksComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2024.110724253:COnline publication date: 1-Nov-2024
https://dl.acm.org/doi/10.1016/j.comnet.2024.110724
Han F(2023)Research on Network Security Technology Based on Machine LearningProceedings of the 6th International Conference on Information Technologies and Electrical Engineering10.1145/3640115.3640189(455-461)Online publication date: 3-Nov-2023
https://dl.acm.org/doi/10.1145/3640115.3640189
Show More Cited By

Index Terms

RANet: Network intrusion detection with group-gating convolutional neural network

Index terms have been assigned to the content through auto-classification.

Recommendations

Filtering False Positives Based on Server-Side Behaviors

Reducing the rate of false positives is of vital importance in enhancing the usefulness of signature-based network intrusion detection systems (NIDSs). To reduce the number of false positives, a network administrator must thoroughly investigate a ...
Alert verification evasion through server response forging
RAID'07: Proceedings of the 10th international conference on Recent advances in intrusion detection

Intrusion Detection Systems (IDSs) are necessary components in the defense of any computer network. Network administrators rely on IDSs to detect attacks, but ultimately it is their responsibility to investigate IDS alerts and determine the damage done. ...
Enhancing byte-level network intrusion detection signatures with context
CCS '03: Proceedings of the 10th ACM conference on Computer and communications security

Many network intrusion detection systems (NIDS) use byte sequences as signatures to detect malicious activity. While being highly efficient, they tend to suffer from a high false-positive rate. We develop the concept of contextual signatures as an ...

Comments

Information & Contributors

Information

Published In

cover image Journal of Network and Computer Applications

Journal of Network and Computer Applications Volume 198, Issue C

Feb 2022

161 pages

ISSN:1084-8045

Issue’s Table of Contents

Elsevier Ltd.

Publisher

Academic Press Ltd.

United Kingdom

Publication History

Published: 01 February 2022

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 04 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Wang XWang ZWang ESun Z(2024)Spatial-temporal knowledge distillation for lightweight network traffic anomaly detectionComputers and Security10.1016/j.cose.2023.103636137:COnline publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1016/j.cose.2023.103636
Li ZHuang CQiu W(2024)An intrusion detection method combining variational auto-encoder and generative adversarial networksComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2024.110724253:COnline publication date: 1-Nov-2024
https://dl.acm.org/doi/10.1016/j.comnet.2024.110724
Han F(2023)Research on Network Security Technology Based on Machine LearningProceedings of the 6th International Conference on Information Technologies and Electrical Engineering10.1145/3640115.3640189(455-461)Online publication date: 3-Nov-2023
https://dl.acm.org/doi/10.1145/3640115.3640189
Zhang XWu XXiao ZHu LQiu ZSun QHigashita RLiu J(2023)Mixed‐decomposed convolutional networkCAAI Transactions on Intelligence Technology10.1049/cit2.122469:2(319-332)Online publication date: 4-Jun-2023
https://dl.acm.org/doi/10.1049/cit2.12246
Vo HDu HNguyen H(2023)AI-powered intrusion detection in large-scale traffic networks based on flow sensing strategy and parallel deep analysisJournal of Network and Computer Applications10.1016/j.jnca.2023.103735220:COnline publication date: 1-Nov-2023
https://dl.acm.org/doi/10.1016/j.jnca.2023.103735
Yao WShi HZhao H(2023)Scalable anomaly-based intrusion detection for secure Internet of Things using generative adversarial networks in fog environmentJournal of Network and Computer Applications10.1016/j.jnca.2023.103622214:COnline publication date: 1-May-2023
https://dl.acm.org/doi/10.1016/j.jnca.2023.103622
Zhou YHu BZhang JSun LZhu XLiu T(2023)Detecting suspicious transactions in a virtual-currency-enabled online social networkJournal of Network and Computer Applications10.1016/j.jnca.2022.103555211:COnline publication date: 1-Feb-2023
https://dl.acm.org/doi/10.1016/j.jnca.2022.103555
Mushtaq EZameer ANasir R(2023)Knacks of a hybrid anomaly detection model using deep auto-encoder driven gated recurrent unitComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2023.109681226:COnline publication date: 1-May-2023
https://dl.acm.org/doi/10.1016/j.comnet.2023.109681

View Options

View options

Figures

Tables

Media

View Issue’s Table of Contents