Abstract
Intrusion detection systems (IDS) identify cyber attacks given a sample of network traffic collected from real-world computer networks. As a powerful classification tool, deep learning (DL) models have been used as IDSs. Although most models achieve high accuracy, they may not always detect underrepresented attacks. Also, their accuracy depends on the dataset, its features, and the proportion of samples. This paper proposes BLoCNet, a hybrid DL model that combines convolutional neural network (CNN) and bidirectional long short-term memory (BLSTM) layers. The CNN allows the IDS to recognize patterns in the features of the network data with a short computation time. The results are sent to two BLSTM layers, which capitalize on the forward and backward propagation of data to identify malicious traffic. BLoCNet was evaluated against four datasets, and its results were compared with five DL models and seven related studies. BLoCNet had a higher attack detection rate for CIC-IDS2017, IoT-23 and UNSW-NB15 than the five DL models. For the CIC-IDS2017 and IoT-23 datasets, BLoCNet had an accuracy of 98% and 99%, respectively, which is similar to the performance of related studies, albeit not an exact comparison due to different sampling approaches. For the original UNSW-NB15 dataset, BLoCNet had an accuracy of 76.34% vs. 75.56% for related work. These results demonstrate that BLoCNet performed well across various datasets and confirm that its hybrid model provides good detection results.
Data Availability
All data generated or analyzed during this study are included in this published article. The datasets used in this study are publicly available and links to them can be found in the references section of this article.
References
Aarthi, B., Shafana J.N., Flavia, J., Chelliah, B.J.: A hybrid multiclass classifier approach for the detection of malicious domain names using RNN model. In: Smys, S., Tavares, J.M.R.S., Balas, V.E. (eds.) Computational Vision and Bio-Inspired Computing (Singapore), pp. 471–482. Singapore (2022). https://doi.org/10.1007/978-981-16-9573-5_35
Abdalgawad, N., Sajun, A., Kaddoura, Y., Zualkernan, I.A., Aloul, F.: Generative deep learning to detect cyberattacks for the IoT-23 dataset. IEEE Access 10, 6430–6441 (2022)
Allyn, B.: 22 texas towns hit with ransomware attack in ‘new front’ of cyberassault (2019). https://www.npr.org/2019/08/20/752695554/23-texas-towns-hit-with-ransomware-attack-in-new-front-of-cyberassault
Altini, M.: Dealing with imbalanced data: undersampling, oversampling, and proper cross-validation (2015). https://www.marcoaltini.com/blog/dealing-with-imbalanced-data-undersampling-oversampling-and-proper-cross-validation
Berman, D.S., Buczak, A.L., Chavis, J.S., Corbett, C.L.: A survey of deep learning methods for cyber security. Information 10(4) (2019). https://www.mdpi.com/2078-2489/10/4/122
Chollet, F.: Deep Learning with Python. Manning Publishing Company, Shelter Island (2018)
Dixit, P., Silakari, S.: Deep learning algorithms for cybersecurity applications: a technological and status review. Comput. Sci. Rev. 39, 100317 (2021)
Dutta, V., Choraś, M., Pawlicki, M., Kozik, R.: A deep learning ensemble for network anomaly and cyber-attack detection. Sensors 20(16), 4583 (2020). https://doi.org/10.3390/s20164583
Elsayed, M.S., Le-Khac, N.-A., Dev, S., Jurcut, A.D.: DDoSNet: a deep-learning model for detecting network attacks, pp. 391–396 (2020). https://doi.org/10.1109/WoWMoM49955.2020.00072
Elsayed, N., Zaghloul, Z.S., Azumah, S.W., Li, C.: Intrusion detection system in smart home network using bidirectional LSTM and convolutional neural networks hybrid model. In: 2021 IEEE International Midwest Symposium on Circuits and Systems (MWSCAS), pp. 55–58 (2021). https://doi.org/10.1109/MWSCAS47672.2021.9531683
Fang, Y., Zhang, C., Huang, C., Liu, L., Yang, Y.: Phishing email detection using improved RCNN model with multilevel vectors and attention mechanism. IEEE Access 7, 56329–56340 (2019). https://doi.org/10.1109/ACCESS.2019.2913705
Ferrag, M.A., Maglaras, L., Moschoyiannis, S., Janicke, H.: Deep learning for cyber security intrusion detection: approaches, datasets, and comparative study. J. Inf. Secur. Appl. 50, 102419 (2020)
Fu, Y., Du, Y., Cao, Z., Li, Q., Xiang, W.: A deep learning model for network intrusion detection with imbalanced data. Electronics 11(6), 898 (2022). https://doi.org/10.3390/electronics11060898
Haghighat, M.H., Li, J.: Intrusion detection system using voting-based neural network. Tsinghua Sci. Technol. 26(4), 484–495 (2021). https://doi.org/10.26599/TST.2020.9010022
Hill, M., Swinhoe, D.: The 15 biggest data breaches of the 21st century (2021). https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
Ho, S., Jufout, S.A., Dajani, K., Mozumdar, M.: A novel intrusion detection model for detecting known and innovative cyberattacks using convolutional neural network. IEEE Open J. Comput. Soc. 2, 14–25 (2021)
Huan, R., Zhan, Z., Ge, L., Chi, K., Chen, P., Liang, R.: Design and development of a deep learning-based model for anomaly detection in IoT networks. Multimedia Tools Appl. 80, 36159–36182 (2021). https://doi.org/10.1007/s11042-021-11363-4
Indre, I., Lemnaru, C.: Detection and prevention system against cyber attacks and botnet malware for information systems and internet of things, pp. 175–182 (2016). https://doi.org/10.1109/ICCP.2016.7737142
Jiang, K., Wang, W., Aili, W., Haibin, W.: Network intrusion detection combined hybrid sampling with deep hierarchical network. IEEE Access 8, 32464–32476 (2020). https://doi.org/10.1109/ACCESS.2020.2973730
Kang, H., Ahn, D.H., Lee, G.M., Yoo, J.D., Park, K.H., Kim, H.K.: Iot network intrusion dataset (2019). https://doi.org/10.21227/q70p-q449
Khan, R.U., Zhang, X., Alazab, M., Kumar, R.: An improved convolutional neural network model for intrusion detection in networks, pp. 74–77 (2019). https://doi.org/10.1109/CCC.2019.000-6
Kim, K., Aminanto, M.E., Tanuwidjaja, H.C.: Network intrusion detection using deep learning. SpringerBriefs on Cyber Security Systems and Networks (2018)
Kim, M.: Early network attack identification, Ph.D. thesis, p. 67 (2021). https://www.proquest.com/dissertations-theses/early-network-attack-identification/docview/2533142789/se-2
Kocher, G., Kumar, G.: A hybrid deep learning approach for effective intrusion detection systems using spatial-temporal features. Adv. Eng. Sci. 54(2), 1503–1519 (2022)
Kocher, G., Kumar, G.: Machine learning and deep learning methods for intrusion detection systems: recent developments and challenges. Soft. Comput. 25(15), 9731–9763 (2021)
Koroniotis, N., Moustafa, N., Sitnikova, E., Turnbull, B.: Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: Bot-iot dataset. Futur. Gener. Comput. Syst. 100, 779–796 (2019)
Kovacs, G.: An empirical comparison and evaluation of minority oversampling techniques on a large number of imbalanced datasets. Appl. Soft Comput. (2019). https://doi.org/10.1016/j.asoc.2019.105662
Kumar, G.: An improved ensemble approach for effective intrusion detection. J. Supercomput. 76(1), 275–291 (2020)
Kumar, G., Thakur, K., Ayyagari, M.R.: Mlesidss: machine learning-based ensembles for intrusion detection systems—a review. J. Supercomput. 76(11), 8938–8971 (2020)
Lai, S., Xu, L., Liu, K., Zhao, J.: Recurrent convolutional neural networks for text classification. In: 29th AAAI Conference on Artificial Intelligence, vol 29, no. 3. (2015). https://doi.org/10.1609/aaai.v29i1.9513
Liu, C., Zhaojun, G., Wang, J.: A hybrid intrusion detection system based on scalable k-means + random forest and deep learning. IEEE Access 9, 75729–75740 (2021). https://doi.org/10.1109/ACCESS.2021.3082147
Liu, L., Wang, P., Lin, J., Liu, L.: Intrusion detection of imbalanced network traffic based on machine learning and deep learning. IEEE Access 9, 7550–7563 (2021). https://doi.org/10.1109/ACCESS.2020.3048198
Liu, X., Liu, J.: Malicious traffic detection combined deep neural network with hierarchical attention mechanism. Sci. Rep. 11, 12363 (2021). https://doi.org/10.1038/s41598-021-91805-z
Mahapatra, S.: Why deep learning over traditional machine learning (2018). https://towardsdatascience.com/why-deep-learning-is-needed-over-traditional-machine-learning-1b6a99177063
McMillen, D.: Internet of threats: Iot botnets drive surge in network attacks (2021). https://securityintelligence.com/posts/internet-of-threats-iot-botnets-network-attacks/
McMillen, D., Gao, W., DeBeck, C.: A new botnet attack just mozied into town, 17 September (2020). https://securityintelligence.com/posts/botnet-attack-mozi-mozied-into-town/
Moustafa, N., Slay, J.: Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set), 2015 Military Communications and Information Systems Conference (MilCIS), 1–6 (2015)
Oha, C.V., Farouk, F.S., Patel, P.P., Meka, P., Nekkanti, S., Nayini, B., Carvalho, S.X., Desai, N., Patel, M., Butakov, S.: Machine learning models for malicious traffic detection in IoT networks /IoT-23 dataset/. In: Renault, É., Boumerdassi, S., Mühlethaler, P. (eds.) Machine Learning for Networking (Cham), pp. 69–84. Springer, New York (2022). https://doi.org/10.1007/978-3-030-98978-1_5
Ontario Tech University: Iot intrusion detection datasets (2021). https://sites.google.com/view/iotdataset1
Passricha, V., Aggarwal, R.K.: A hybrid of deep CNN and bidirectional LSTM for automatic speech recognition. J. Intell. Syst. (2019). https://doi.org/10.1515/jisys-2018-0372
Rattan, V., Mittal, R., Singh, J., Malik, V.: Analyzing the application of smote on machine learning classifiers. In: 2021 International Conference on Emerging Smart Computing and Informatics (ESCI), 9 April, pp. 692–695 (2021). https://doi.org/10.1109/ESCI50559.2021.9396962
Rebala, G., Ravi, A., Churiwala, S.: An introduction to machine learning. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-15729-6
Satter, R.: Up to 1,500 business affected by ransomware attack (2021). https://www.reuters.com/technology/hackers-demand-70-million-liberate-data-held-by-companies-hit-mass-cyberattack-2021-07-05/
Sharafaldin, I., Lashkari, A.H., Hakak, S., Ghorbani, A.A.: Developing realistic distributed denial of service (ddos) attack dataset and taxonomy, pp. 1–8 (2019). https://ieeexplore.ieee.org/document/8888419
Tongtong, S., Sun, H., Zhu, J., Wang, S., Li, Y.: BAT: deep learning methods on network intrusion detection using NSL-KDD dataset. IEEE Access 8, 29575–29585 (2020). https://doi.org/10.1109/ACCESS.2020.2972627
Tait, K.-A., Khan, J.S., Alqahtani, F., Shah, A.A., Khan, F.A., Ur Rehman, M., Boulila, W., Ahmad, J.: Intrusion detection using machine learning techniques: an experimental comparison. In: 2021 International Congress of Advanced Technology and Engineering (ICOTEN), pp. 1–10 (2021). https://doi.org/10.1109/ICOTEN52080.2021.9493543
Thakur, K., Kumar, G.: Nature inspired techniques and applications in intrusion detection systems: recent progress and updated perspective. Arch. Comput. Methods Eng. 28(4), 2897–2919 (2021)
Turton, W., Mehrotra, K.: Hackers breached colonial pipeline using compromised password, 4 June, (2021). https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password
Ullah, I., Mahmoud, Q.: An anomaly detection model for IoT networks based on flow and flag features using a feed-forward neural network. In: 2022 IEEE 19th Annual Consumer Communications and Networking Conference (CCNC), pp. 363–368 (2022)
Ullah, I., Mahmoud, Q.H.: Design and development of a deep learning-based model for anomaly detection in IoT networks. IEEE Access 9, 103906–103926 (2021). https://doi.org/10.1109/ACCESS.2021.3094024
University of New Brunswick: Cicflowmeter (2017). https://www.unb.ca/cic/research/applications.html
University of New Brunswick (UNB): Intrusion detection evaluation dataset (cic-ids2017) (2017). https://www.unb.ca/cic/datasets/ids-2017.html
Velazco, C., Lerman, R.: Shut down everything: global ransomware attack takes a small maryland town offline (2021). https://www.washingtonpost.com/technology/2021/07/08/kaseya-ransomware-attack-leonardtown-maryland/
Wu, K., Chen, Z., Li, W.: A novel intrusion detection model for a massive network using convolutional neural networks. IEEE Access 6, 50850–50859 (2018). https://doi.org/10.1109/ACCESS.2018.2868993
Xin, Y., Kong, L., Liu, Z., Chen, Y., Li, Y., Zhu, H., Gao, M., Hou, H., Wang, C.: Machine learning and deep learning methods for cybersecurity. IEEE Access 6, 35365–35381 (2018). https://doi.org/10.1109/ACCESS.2018.2836950
Zhang, Y., Chen, X., Guo, D., Song, M., Teng, Y., Wang, X.: PCCN: parallel cross convolutional neural network for abnormal network traffic flows detection in multi-class imbalanced network traffic flows. IEEE Access 7, 119904–119916 (2019). https://doi.org/10.1109/ACCESS.2019.2933165
Acknowledgements
This research was supported in part by the Air Force Research Laboratory (AFRL) and Department of Homeland Security (DHS) Science and Technology (S&T) Directorate under award FA8750-19-C-0077. Portions of this research were conducted with the advanced computing resources provided by Texas A&M High Performance Research Computing.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Human and animals participants
This article does not contain any studies with human participants or animals performed by any of the authors.
About this article
Cite this article
Bowen, B., Chennamaneni, A., Goulart, A. et al. BLoCNet: a hybrid, dataset-independent intrusion detection system using deep learning. Int. J. Inf. Secur. 22, 893–917 (2023). https://doi.org/10.1007/s10207-023-00663-5
DOI: https://doi.org/10.1007/s10207-023-00663-5