The Internet is vital in daily applications such as education, health, and business. Growing use of the Internet and technology also increases risk. Cyber attackers can use technology to compromise the CIA triad (confidentiality, integrity, and availability). Malicious activities occur around us without our knowing it. Cyberattacks cannot be seen physically, even though they target our Internet of Things (IoT) devices, personal computers, laptops, and even our networking devices. Network anomaly detection is an efficient way of detecting malicious activities. Network-based anomaly detection captures and analyzes attributes of abnormal behavior in a network. Among the various known methods for network anomaly detection, machine learning and deep learning-based approaches are attractive because they can efficiently analyze large volumes of network traffic data for malicious activities and detect zero-day attacks. A Recurrent Neural Network (RNN) model is designed to recognize the sequential characteristics of data and then use those patterns to predict what comes next. In this research work, seven different optimizers (Nadam, Adam, RMSprop, Adamax, SGD, Adagrad, and Ftrl), the number of epochs, the batch size, and the ratio of training to testing data size are analyzed for Bidirectional Long Short-Term Memory (Bi-LSTM) network anomaly detection, which provides the highest anomaly detection accuracy of 98.52% on the NSL-KDD binary dataset. Performance is compared using accuracy and F1-score metrics. Assessment on both metrics revealed that the proposed Bi-LSTM anomaly detection model performed better than other existing anomaly detection methods.
Toya Acharya, A. Annamalai, Mohamed Chouikha