Developing anomaly based network intrusion Detection system model using deep learning approach

Abstract

Network intrusion detection system is a process of automatic detection that applies during the
network security policy violence and malicious activities which tries to compromise
authentication, integrity, and confidentiality. Anomaly-based network intrusion detection system
provides additional security mechanisms for the data that is accumulated through networked
computers. Hence it has an incredible role in today's digital world. For example, attack
categories such as DOS, U2R, Probe, and R2L are becoming the most considerable threats in
computer network technology, particularly on internet networks. Nowadays there are different
plenty of signature-based tools and technologies that have been developed to secure networks.
But these tools and technologies are unable to detect novel attacks. Deep learning is a very
common recent technology that is used in anomaly-based network intrusion detection systems.
However, the attackers have advanced their strategy to penetrate a network and attack at any
situation. As a result, different models have been established for network intrusion detection
systems, but still, the challenge occurs to identify an appropriate and the most suitable deep
learning model that can use and manipulate as reliable network intrusion detection system that
capable of increasing detection accuracy rate and reducing the error rate. The purpose of this
thesis work is to contribute its part by identifying the most appropriate deep learning algorithm
through the computational process. To implement this algorithm comparison; datasets are
required. The dataset used for this thesis work is the NSL-KDD dataset which is a real network
traffic dataset prepared by the MIT Lincoln laboratory group. We have used 80% for training and
20% testing. After having different experiments on the selected datasets the comparison result
showed us the LSTM deep learning model achieved about ninety-nine percent out of hundred
percent (99.4%) accuracy. On the other hand, rule-of thump techniques used to determine the
number of hidden layers and hidden neuron while we design deep neural network model, and
MinMaxScaler function to rescale the preprocessed data all feature values in the range between
[0, 1] has a great impact on the improvement of the detection accuracy. In this study, the main
technique used to improve the NIDS detection accuracy performance is applying the
MinMaxScaler normalization technique. The proposed system is evaluated by accuracy,
precision, recall, and F1-score measurement metrics. Based on this metric LSTM DNN model is
proposed for classifying the normal and attack network traffic data depending on the training
knowledge in the training phase.