Anomaly-based Network Intrusion Detection System using Deep Intelligent Technique

Authors

  • Sardar KH. Hassan Department of Computer Science, Soran University, Erbil, Kurdistan Region, Iraq
  • Muhammadamin A. Daneshwar Department of Computer Science, Soran University, Erbil, Kurdistan Region, Iraq

Keywords:

Intrusion Detection System, Anomaly detection, Intelligent Technique, CyberAttack, Deep Learning, Machine Learning

Abstract

Background and objectives: Computer systems and network infrastructures are still exposed to
many security risks and cyber-attack vulnerabilities despite advances in information security.
Traditional signature-based intrusion detection systems and security solutions, which rely on
rule matching and prior knowledge, are insufficient to fully protect computer networks against
novel attacks. For this purpose, an Anomaly-based Network Intrusion Detection System (A-NIDS) is
considered as a cyber security tool for identifying and detecting anomalous behavior in
flow-based network traffic, alongside firewalls and other security measures. The main objective
of the research is to improve the detection rate and reduce the false-positive rate of the
classifier using an anomaly-based technique.
Methods: An intelligent technique is proposed that uses a deep learning algorithm and the mutual
information feature selection (MIFS) method to select optimal features on the benchmark datasets.
By combining the Long Short-Term Memory (LSTM) algorithm with the MIFS method, the proposed
method is capable of accurately classifying normal and anomalous states of the data packets in a
comprehensive way.
Results: The model achieved encouraging results, with an accuracy of 99.79% and a false-positive
rate of 0.002, in the minimum time compared to other models, recording only 81.75s on the
CSE-CIC-IDS2018 dataset. At the end of the study, comparative studies are conducted to verify the
effectiveness of the proposed method on three realistic and latest intrusion detection datasets,
named CSE-CIC-IDS2018, CIC-IDS2017, and NF-CSE-CIC-IDS2018.
Conclusions: The proposed model, which combines an LSTM NN with the feature selection method
(MIFS), increased the detection rate and reduced false-positive alarms; the model is also able to
detect low-frequency attacks while other existing models are suffering from

Published

2023-02-01
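
The Methods paragraph names mutual information feature selection without stating the selection criterion. The sketch below is an added example, not the authors' code, and assumes the greedy MIFS score I(f;C) - beta * sum of I(f;s) over already-selected features s. The feature names and the 16 discretized flow records are constructed for illustration, and the LSTM stage is not shown.

```python
import math
from collections import Counter
from itertools import product

def mutual_information(xs, ys):
    """I(X;Y) in bits for two equal-length sequences of discrete values."""
    n = len(xs)
    px, py, pxy = Counter(xs), Counter(ys), Counter(zip(xs, ys))
    return sum(c / n * math.log2(c * n / (px[x] * py[y]))
               for (x, y), c in pxy.items())

def rank_by_relevance(columns, labels, k):
    """Baseline: top-k features by I(f;C) alone, ignoring redundancy."""
    return sorted(columns, key=lambda f: -mutual_information(columns[f], labels))[:k]

def mifs_select(columns, labels, k, beta=1.0):
    """Greedy MIFS (assumed criterion): I(f;C) - beta * sum of I(f;s), s selected."""
    relevance = {f: mutual_information(col, labels) for f, col in columns.items()}
    selected = []
    while len(selected) < min(k, len(columns)):
        def score(f):
            redundancy = sum(mutual_information(columns[f], columns[s]) for s in selected)
            return relevance[f] - beta * redundancy
        selected.append(max((f for f in columns if f not in selected), key=score))
    return selected

def build_constructed_flows():
    """Constructed sample: 16 discretized flow records, one per bin combination."""
    rows = list(product(range(4), (0, 1), (0, 1)))  # (pkt rate bin, SYN-heavy, port parity)
    columns = {
        "pkt_rate_bin": [r for r, _, _ in rows],
        "byte_rate_bin": [r // 2 for r, _, _ in rows],  # coarse copy of pkt_rate_bin
        "syn_heavy": [s for _, s, _ in rows],
        "port_parity": [p for _, _, p in rows],         # unrelated to the label
    }
    # Constructed labelling rule: highest rate bin, or bin 2 together with SYN-heavy.
    labels = ["attack" if r == 3 or (r == 2 and s) else "benign" for r, s, _ in rows]
    return columns, labels

if __name__ == "__main__":
    columns, labels = build_constructed_flows()
    print("relevance only:", rank_by_relevance(columns, labels, 2))
    print("MIFS          :", mifs_select(columns, labels, 2))
```

On this sample, relevance-only ranking keeps the redundant byte_rate_bin, while MIFS replaces it with syn_heavy, which together with pkt_rate_bin fully determines the label.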