Abstract:
Demand for more efficient and flexible Network Intrusion Detection Systems (NIDSs) has grown with the increasing complexity and frequency of network-based intrusions. Most classical signature-based detection methods can recognize only known malicious threats and are incapable of mitigating new and continuously emerging threats. This work proposes a new integrated model, based on deep learning and machine learning, that refines the precision of the detection system and at the same time makes it more robust. In this paper, we investigate several established machine learning algorithms, such as SVM, RF and XGBoost, for the proposed task. Furthermore, we compare deep learning methods such as Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) networks. Multiple models are trained and tested on the UNSW-NB15 dataset. The dataset's rich network traffic and attack family features lend themselves well to running large-scale performance experiments on our system. The experimental hybrid model ultimately obtained a testing accuracy of 98.99% by leveraging the advantages of ensemble learning and deep learning. Our hybrid approach performed considerably better than both individual models on both unique and zero-day attacks. This work presents several promising new attributes based on the network traffic profile, such as byte ratio, packet ratio and protocol type. It demonstrates that combining deep learning and machine learning methods for intrusion detection provides a better model: the adaptation properties of the deep learning neural network over the machine learning methods help overcome the disadvantages of using a single model. The experimental results demonstrate that the hybrid model achieves better detection performance for different types of network attacks, suggesting a solid base for further study in the field of cyber security.