Intrusion detection system using deep learning for cybersecurity enhancement

Abstract

The growth of the Internet allowed attacks not to increase only in numbers but also in diversity. Cybersecurity specialists in this field focus on designing an effective intrusion detection system (IDS) to minimize false alarm rates and detect known and unknown threats to networks. Intrusion detection systems take up a large space in the field of network security, where new methods continue to emerge regarding the intrusion detection process. The latest methods came up with the emergence of deep learning. A neural network, the fundamental component of deep learning, can imitate the human brain to perform analytical learning by learning and training. In intrusion detection systems, neural networks can be trained to detect malicious traffic patterns in a given environment. This research is carried out to develop an intrusion detection system using Convolutional Neural Network (CNN) and Long-Short Term Memory (LSTM) to detect and classify intrusions in networks automatically. The optimum CNN-LSTM structure was based on three layers, where all layers have a CNN layer, followed by max-pooling, batch normalization, LSTM, and finally dropout layer. The final layer is connected to a fully connected layer (FC) with a SoftMax unit to perform classification. Preprocessing steps are implemented to prepare the dataset before training the model. The model was trained on three recent binary and multiclass classification datasets, including CIC-IDS, UNSW-NB, and WSN-DS. The confusion matrix determines the system's effectiveness, which contains assessment criteria such as accuracy, precision, detection rate, F1-score, and false alarm rate (FAR). Experimental results demonstrated the proposed model's effectiveness. The CIC-IDS2017 dataset achieved the highest accuracies of 99.64 % and 99.60 %, respectively, and the highest detection rate of 99.70 % and 99.95 %, with the lowest false alarm rate of 0.10 % and 0.12 % when evaluated on binary and multiclass classification. The highest detection rates achieved on the UNSW-NB15 dataset were 94.53 % and 82.51 %, and the accuracies at ???? = 8 were 93.78 % and 81.83 %, respectively. The false alarm rates on binary and multiclass classification were 6 % and 2.3 %. At ???? = 10, the binary WSN-DS dataset achieved the highest accuracy, detection rate, and false alarm rate of 99.67 %, 98.14 %, and 0.18 %, respectively. At ???? = 8, multiclass classification achieved the highest detection rate of 98.83 %, while accuracy and false alarm rate were 98.35 % and 0.80 %, respectively. Finally, the model has been benchmarked with other deep learning models using similar datasets, and the results of our model outperformed benchmarked studies.