[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ Skip to main content
Log in

BLoCNet: a hybrid, dataset-independent intrusion detection system using deep learning

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Intrusion detection systems (IDS) identify cyber attacks given a sample of network traffic collected from real-world computer networks. As a powerful classification tool, deep learning (DL) models have been used as IDSs. Although most models achieve high accuracy, they may not always detect underrepresented attacks. Also, their accuracy depends on the dataset, its features, and the proportion of samples. This paper proposes BLoCNet, a hybrid DL model that combines convolutional neural network (CNN) and bidirectional long short-term memory (BLSTM) layers. CNN allows the IDS to recognize patterns in the features of the network data in a fast computation time. The results are sent to two BLSTM layers, which capitalize on the forward and backward propagation of data to identify malicious traffic. BLoCNet was evaluated against four datasets, and its results compared with five DL models and seven related studies. BLoCNet had a higher attack detection rate for CIC-IDS2017, IoT-23 and UNSW-NB15 than the five DL models. For CIC-IDS2017 and IoT-23 datasets, BLoCNet had an accuracy of 98% and 99%, which is similar performance as related studies, albeit not an exact comparison due to different sampling approaches. For the original UNSW-NB15 dataset, BLoCNet had an accuracy of 76.34% vs. 75.56% of related work. These results demonstrate that BLoCNet performed well across various datasets and confirms that its hybrid model provides good detection results.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (United Kingdom)

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

Data Availability

All data generated or analyzed during this study are included in this published article. The datasets used in this study are publicly available and links to them can be found in the references section of this article.

References

  1. Aarthi, B., Shafana J.N., Flavia, J., Chelliah, B.J.: A hybrid multiclass classifier approach for the detection of malicious domain names using RNN model. In: Smys, S., Tavares, J.M.R.S., Balas, V.E. (eds.) Computational Vision and Bio-Inspired Computing (Singapore), pp. 471–482. Singapore (2022). https://doi.org/10.1007/978-981-16-9573-5_35

  2. Abdalgawad, N., Sajun, A., Kaddoura, Y., Zualkernan, I.A., Aloul, F.: Generative deep learning to detect cyberattacks for the IoT-23 dataset. IEEE Access 10, 6430–6441 (2022)

    Article  Google Scholar 

  3. Allyn, B.: 22 texas towns hit with ransomware attack in ‘new front’ of cyberassault (2019). https://www.npr.org/2019/08/20/752695554/23-texas-towns-hit-with-ransomware-attack-in-new-front-of-cyberassault

  4. Altini, M.: Dealing with imbalanced data: undersampling, oversampling, and proper cross-validation (2015). https://www.marcoaltini.com/blog/dealing-with-imbalanced-data-undersampling-oversampling-and-proper-cross-validation

  5. Berman, D.S., Buczak, A.L., Chavis, J.S., Corbett, C.L.: A survey of deep learning methods for cyber security. Information 10(4) (2019). https://www.mdpi.com/2078-2489/10/4/122

  6. Chollet, F.: Deep Learning with Python. Manning Publishing Company, Shelter Island (2018)

    Google Scholar 

  7. Dixit, P., Silakari, S.: Deep learning algorithms for cybersecurity applications: a technological and status review. Comput. Sci. Rev. 39, 100317 (2021)

    Article  MathSciNet  Google Scholar 

  8. Dutta, V., Choraś, M., Pawlicki, M., Kozik, R.: A deep learning ensemble for network anomaly and cyber-attack detection. Sensors 20(16), 4583 (2020). https://doi.org/10.3390/s20164583

    Article  Google Scholar 

  9. Elsayed, M.S., Le-Khac, N.-A., Dev, S., Jurcut, A.D.: DDoSNet: a deep-learning model for detecting network attacks, pp. 391–396 (2020). https://doi.org/10.1109/WoWMoM49955.2020.00072

  10. Elsayed, N., Zaghloul, Z.S., Azumah, S.W., Li, C.: Intrusion detection system in smart home network using bidirectional LSTM and convolutional neural networks hybrid model. In: 2021 IEEE International Midwest Symposium on Circuits and Systems (MWSCAS), pp. 55–58 (2021). https://doi.org/10.1109/MWSCAS47672.2021.9531683

  11. Fang, Y., Zhang, C., Huang, C., Liu, L., Yand, Y.: Phishing email detection using improved RCNN model with multilevel vectors and attention mechanism. IEEE Access 7, 56329–56340 (2019). https://doi.org/10.1109/ACCESS.2019.2913705

    Article  Google Scholar 

  12. Ferrag, M.A., Maglaras, L., Moschoyiannis, S., Janicke, H.: Deep learning for cyber security intrusion detection: approaches, datasets, and comparative study. J. Inf. Secur. Appl. 50, 102419 (2020)

    Google Scholar 

  13. Fu, Y., Du, Y., Cao, Z., Li, Q., Xiang, W.: A deep learning model for network intrusion detection with imbalanced data. Electronics 11(6), 898 (2022). https://doi.org/10.3390/electronics11060898

    Article  Google Scholar 

  14. Haghighat, M.H., Li, J.: Intrusion detection system using voting-based neural network. Tsinghua Sci. Technol. 26(4), 484–495 (2021). https://doi.org/10.26599/TST.2020.9010022

    Article  Google Scholar 

  15. Hill, M., Swinhoe, D.: The 15 biggest data breaches of the 21st century (2021). https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html

  16. Ho, S., Jufout, S.A., Dajani, K., Mozumdar, M.: A novel intrusion detection model for detecting known and innovative cyberattacks using convolutional neural network. IEEE Open J. Comput. Soc. 2, 14–25 (2021)

    Article  Google Scholar 

  17. Huan, R., Zhan, Z., Ge, L., Chi, K., Chen, P., Liang, R.: Design and development of a deep learning-based model for anomaly detection in IoT networks. Multimedia Tools Appl. 80, 36159–36182 (2021). https://doi.org/10.1007/s11042-021-11363-4

    Article  Google Scholar 

  18. Indre, I., Lemnaru, C.: Detection and prevention system against cyber attacks and botnet malware for information systems and internet of things, pp. 175–182 (2016). https://doi.org/10.1109/ICCP.2016.7737142

  19. Jiang, K., Wang, W., Aili, W., Haibin, W.: Network intrusion detection combined hybrid sampling with deep hierarchical network. IEEE Access 8, 32464–32476 (2020). https://doi.org/10.1109/ACCESS.2020.2973730

    Article  Google Scholar 

  20. Kang, H., Ahn, D.H., Lee, G.M., Yoo, J.D., Park, K.H., Kim, H.K.: Iot network intrusion dataset (2019). https://doi.org/10.21227/q70p-q449

  21. Khan, R.U., Zhang, X., Alazab, M., Kumar, R.: An improved convolutional neural network model for intrusion detection in networks, pp. 74–77 (2019). https://doi.org/10.1109/CCC.2019.000-6

  22. Kim, K., Aminanto, M.E., Tanuwidjaja, H.C.: Network intrusion detection using deep learning. Spring Briefs on Cyber Security Systems and Networks (2018)

  23. Kim, M.: Early network attack identification, Ph.D. thesis, p. 67 (2021). https://www.proquest.com/dissertations-theses/early-network-attack-identification/docview/2533142789/se-2

  24. Kocher, G., Kumar, G.: A hybrid deep learning approach for effective intrusion detection systems using spatial-temporal features. Adv. Eng. Sci. 54(2), 1503–1519 (2022)

    Google Scholar 

  25. Kocher, G., Kumar, G.: Machine learning and deep learning methods for intrusion detection systems: recent developments and challenges. Soft. Comput. 25(15), 9731–9763 (2021)

    Article  Google Scholar 

  26. Koroniotis, N., Moustafa, N., Sitnikova, E., Turnbull, B.: Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: Bot-iot dataset. Futur. Gener. Comput. Syst. 100, 779–796 (2019)

    Article  Google Scholar 

  27. Kovacs, G.: An empirical comparison and evaluation of minority oversampling techniques on a large number of imbalanced datasets. Appl. Soft Comput. (2019). https://doi.org/10.1016/j.asoc.2019.105662

    Article  Google Scholar 

  28. Kumar, G.: An improved ensemble approach for effective intrusion detection. J. Supercomput. 76(1), 275–291 (2020)

    Article  Google Scholar 

  29. Kumar, G., Thakur, K., Ayyagari, M.R.: Mlesidss: machine learning-based ensembles for intrusion detection systems—a review. J. Supercomput. 76(11), 8938–8971 (2020)

    Article  Google Scholar 

  30. Lai, S., Xu, L., Liu, K., Zhao, J.: Recurrent convolutional neural networks for text classification. In: 29th AAAI Conference on Artificial Intelligence, vol 29, no. 3. (2015). https://doi.org/10.1609/aaai.v29i1.9513

  31. Liu, C., Zhaojun, G., Wang, J.: A hybrid intrusion detection system based on scalable k-means + random forest and deep learning. IEEE Access 9, 75729–75740 (2021). https://doi.org/10.1109/ACCESS.2021.3082147

    Article  Google Scholar 

  32. Liu, L., Wang, P., Lin, J., Liu, L.: Intrusion detection of imbalanced network traffic based on machine learning and deep learning. IEEE Access 9, 7550–7563 (2021). https://doi.org/10.1109/ACCESS.2020.3048198

    Article  Google Scholar 

  33. Liu, X., Liu, J.: Malicious traffic detection combined deep neural network with hierarchical attention mechanism. Sci. Rep. 11, 12363 (2021). https://doi.org/10.1038/s41598-021-91805-z

    Article  Google Scholar 

  34. Mahapatra, S.: Why deep learning over traditional machine learning (2018). https://towardsdatascience.com/why-deep-learning-is-needed-over-traditional-machine-learning-1b6a99177063

  35. McMillen, D.: Internet of threats: Iot botnets drive surge in network attacks (2021). https://securityintelligence.com/posts/internet-of-threats-iot-botnets-network-attacks/

  36. McMillen, D., Gao, W., DeBeck, C.: A new botnet attack just mozied into town, 17 September (2020). https://securityintelligence.com/posts/botnet-attack-mozi-mozied-into-town/

  37. Moustafa, N., Slay, J.: Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set), 2015 Military Communications and Information Systems Conference (MilCIS), 1–6 (2015)

  38. Oha, C.V., Farouk, F.S., Patel, P.P., Meka, P., Nekkanti, S., Nayini, B., Carvalho, S.X., Desai, N., Patel, M., Butakov, S.: Machine learning models for malicious traffic detection in IoT networks /IoT-23 dataset/. In: Renault, É., Boumerdassi, S., Mühlethaler, P. (eds.) Machine Learning for Networking (Cham), pp. 69–84. Springer, New York (2022). https://doi.org/10.1007/978-3-030-98978-1_5

    Chapter  Google Scholar 

  39. Ontario Tech University: Iot intrusion detection datasets (2021). https://sites.google.com/view/iotdataset1

  40. Passricha, V., Aggarwal, R.K.: A hybrid of deep CNN and bidirectional LSTM for automatic speech recognition. J. Intell. Syst. (2019). https://doi.org/10.1515/jisys-2018-0372

    Article  Google Scholar 

  41. Rattan, V., Mittal, R., Singh, J., Malik, V.: Analyzing the application of smote on machine learning classifiers. In: 2021 International Conference on Emerging Smart Computing and Informatics (ESCI), 9 April, pp. 692–695 (2021). https://doi.org/10.1109/ESCI50559.2021.9396962

  42. Rebala, G.: Ravi, A, Churiwala, S: An introducation to machine learning. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-15729-6

    Book  Google Scholar 

  43. Satter, R.: Up to 1,500 business affected by ransomware attack (2021). https://www.reuters.com/technology/hackers-demand-70-million-liberate-data-held-by-companies-hit-mass-cyberattack-2021-07-05/

  44. Sharafaldin, I., Lashkari, A.H., Hakak, S., Ghorbani, A.A.: Developing realistic distributed denial of service (ddos) attack dataset and taxonomy, pp. 1–8 (2019). https://ieeexplore.ieee.org/document/8888419

  45. Tongtong, S., Sun, H., Zhu, J., Wang, S., Li, Y.: BAT: deep learning methods on network intrusion detection using NSL-KDD dataset. IEEE Access 8, 29575–29585 (2020). https://doi.org/10.1109/ACCESS.2020.2972627

    Article  Google Scholar 

  46. Tait, K.-A., Khan, J.S., Alqahtani, F., Shah, A.A., Khan, F.A., Ur Rehman, M., Boulila, W., Ahmad, J.: Intrusion detection using machine learning techniques: an experimental comparison. In: 2021 International Congress of Advanced Technology and Engineering (ICOTEN), pp. 1–10 (2021). https://doi.org/10.1109/ICOTEN52080.2021.9493543

  47. Thakur, K., Kumar, G.: Nature inspired techniques and applications in intrusion detection systems: recent progress and updated perspective. Arch. Comput. Methods Eng. 28(4), 2897–2919 (2021)

    Article  MathSciNet  Google Scholar 

  48. Turton, W., Mehrotra, K.: Hackers breached colonial pipeline using compromised password, 4 June, (2021). https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password

  49. Ullah, I., Mahmoud, Q.: An anomaly detection model for IoT networks based on flow and flag features using a feed-forward neural network. In: 2022 IEEE 19th Annual Consumer Communications and Networking Conference (CCNC), pp. 363–368 (2022)

  50. Ullah, I., Mahmoud, Q.H.: Design and development of a deep learning-based model for anomaly detection in IoT networks. IEEE Access 9, 103906–103926 (2021). https://doi.org/10.1109/ACCESS.2021.3094024

    Article  Google Scholar 

  51. University of New Brunswick: Cicflowmeter (2017). https://www.unb.ca/cic/research/applications.html

  52. University of New Brunswick (UNB): Intrusion detection evaluation dataset (cic-ids2017) (2017). https://www.unb.ca/cic/datasets/ids-2017.html

  53. Velazco, C., Lerman, R.: Shut down everything: global ransomware attack takes a small maryland town offline (2021). https://www.washingtonpost.com/technology/2021/07/08/kaseya-ransomware-attack-leonardtown-maryland/

  54. Wu, K., Chen, Z., Li, W.: A novel intrusion detection model for a massive network using convolutional neural networks. IEEE Access 6, 50850–50859 (2018). https://doi.org/10.1109/ACCESS.2018.2868993

    Article  Google Scholar 

  55. Xin, Y., Kong, L., Liu, Z., Chen, Y., Li, Y., Zhu, H., Gao, M., Hou, H., Wang, C.: Machine learning and deep learning methods for cybersecurity. IEEE Access 6, 35365–35381 (2018). https://doi.org/10.1109/ACCESS.2018.2836950

  56. Zhang, Y., Chen, X., Guo, D., Song, M., Teng, Y., Wang, X.: PCCN: parallel cross convolutional neural network for abnormal network traffic flows detection in multi-class imbalanced network traffic flows. IEEE Access 7, 119904–119916 (2019). https://doi.org/10.1109/ACCESS.2019.2933165

Download references

Acknowledgements

This research was supported in part by the Air Force Research Laboratory (AFRL) and Department of Homeland Security (DHS) Science and Technology (S &T) Directorate under award FA8750-19-C-0077. Portions of this research were conducted with the advanced computing resources provided by Texas A &M High Performance Research Computing.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Ana Goulart.

Ethics declarations

Conflict interests

The authors declare that they have no conflict of interest.

Human and animals participants

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Appendix A: Detailed performance metrics

Appendix A: Detailed performance metrics

Tables 19, 20, and 21 provide detailed performance results using BLoCNet and other DL models for each class of attack for the CIC-IDS2017, IoT-23, and Bot-IoT datasets, respectively.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Bowen, B., Chennamaneni, A., Goulart, A. et al. BLoCNet: a hybrid, dataset-independent intrusion detection system using deep learning. Int. J. Inf. Secur. 22, 893–917 (2023). https://doi.org/10.1007/s10207-023-00663-5

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-023-00663-5

Keywords

Navigation