Flow-Based Anomaly Intrusion Detection System Using Machine Learning Techniques
Publisher
ASTU
Abstract
Cyber-attacks increase from time to time. Personal and organizational data and the various resources
found on the network are vulnerable to malicious attacks. An intrusion detection system plays a
very important role in protecting computer network security. Various machine learning algorithms
have been implemented in network intrusion detection systems. However, these machine learning
algorithms require a long training time and have high computational complexity, a high false-positive
rate, and low accuracy. Current intrusion detection systems also suffer from the exponentially
increasing rate of new cyber-attacks, the growth in network line speeds, and high-dimensional
network traffic flows, which make attacks difficult to monitor, analyze, identify and detect.
To overcome the problems mentioned above, flow-based anomaly intrusion detection is proposed.
A flow-based anomaly intrusion detection system uses information about network interaction, not
the payload, to detect known, unforeseen and unpredictable cyber-attacks. An unsupervised deep
learning algorithm, the Denoising Autoencoder, is used to develop a flexible and effective intrusion
detection system. The CICIDS2017 dataset is used. It consists of 85 features and over 3
million records, and all features describe network interaction. The dataset is divided into
three parts: a training dataset, a validation dataset, and a test dataset. The Denoising Autoencoder
is trained on the training dataset to build the model, its parameters are tuned on the validation
dataset to find optimal hyperparameters, and the performance of the model is evaluated using the
test dataset. Any deviation from the built model is considered an attack.
The model learned the abstract, high-dimensional feature representation of CICIDS2017
by passing the features through hidden layers. The experimental results show that the
proposed flow-based anomaly intrusion detection model performs significantly better than other
network intrusion detection models: it achieved the best detection accuracy of 99.98% and ROC of
99.98%, with short training time, low model loss, low reconstruction error, a low false-positive rate,
and low overfitting. Rigorous experimental testing confirms that the flow-based
anomaly intrusion detection system performs well in comparison to previous studies.
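
The detection scheme the abstract describes, as an added example that is not from the thesis: a small NumPy denoising autoencoder is trained on benign flows only, and a flow is flagged when its reconstruction error exceeds a cut-off taken from the validation set. The four features, the synthetic flow generator, benign-only training and the 99th-percentile threshold are assumptions made for illustration; no CICIDS2017 data is used.

```python
import numpy as np

rng = np.random.default_rng(0)

def make_flows(n, attack=False):
    # Constructed stand-in for flow records (not CICIDS2017):
    # columns = duration, packets, bytes, mean inter-arrival time, scaled to ~[0, 1].
    x = np.array([0.3, 0.2, 0.0, 0.5]) + 0.05 * rng.standard_normal((n, 4))
    x[:, 2] = 1.2 * x[:, 1] + 0.01 * rng.standard_normal(n)  # benign: bytes track packets
    if attack:  # flood-like flows: many small packets sent back to back
        x += np.array([0.0, 0.6, -0.2, -0.4])
    return x

def train_dae(x, hidden=3, noise=0.05, lr=0.1, epochs=2000):
    d = x.shape[1]
    w1, b1 = 0.1 * rng.standard_normal((d, hidden)), np.zeros(hidden)
    w2, b2 = 0.1 * rng.standard_normal((hidden, d)), np.zeros(d)
    for _ in range(epochs):
        noisy = x + noise * rng.standard_normal(x.shape)  # corrupt the input...
        h = np.tanh(noisy @ w1 + b1)
        g_out = 2 * (h @ w2 + b2 - x) / len(x)            # ...but score against the clean flow
        g_h = (g_out @ w2.T) * (1 - h ** 2)               # backpropagate through tanh
        w2 -= lr * h.T @ g_out
        b2 -= lr * g_out.sum(axis=0)
        w1 -= lr * noisy.T @ g_h
        b1 -= lr * g_h.sum(axis=0)
    return w1, b1, w2, b2

def recon_error(model, x):
    # Per-flow mean squared reconstruction error on the uncorrupted input.
    w1, b1, w2, b2 = model
    return ((np.tanh(x @ w1 + b1) @ w2 + b2 - x) ** 2).mean(axis=1)

def run():
    train, val, test_benign = make_flows(2000), make_flows(500), make_flows(500)
    test_attack = make_flows(500, attack=True)
    model = train_dae(train)                                # benign-only training (assumption)
    threshold = np.percentile(recon_error(model, val), 99)  # assumed cut-off rule
    fpr = float((recon_error(model, test_benign) > threshold).mean())
    tpr = float((recon_error(model, test_attack) > threshold).mean())
    return fpr, tpr

if __name__ == "__main__":
    print("false-positive rate %.3f, detection rate %.3f" % run())
```

The threshold percentile trades false positives against missed detections, so in practice it is chosen on held-out benign traffic from the network being monitored.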
