The importance of time: modelling network intrusions with long short-term memory recurrent neural networks
Date
2024
Publisher
University of the Western Cape
Abstract
We claim that modelling network traffic as a time series with a supervised learning approach, using known genuine and malicious behaviour, improves intrusion detection. To substantiate this, we trained long short-term memory (LSTM) recurrent neural networks with the training data provided by the DARPA KDD Cup 99 challenge. After preprocessing all features, to improve information gain, we applied a number of intuitive steps to extract salient features, which resulted in the creation of a number of minimal feature sets that could be used for detecting attack classes. The preprocessed KDD Cup 99 data was then used to test the performance of five very common and well-known classifiers: decision trees, naive Bayes, Bayesian networks, feed forward neural network and support vector machines. Our results show a performance comparable to the winning entries of the KDD Cup 99 challenge. Finally, we applied the LSTM recurrent neural network classifier to the preprocessed data using the minimal feature sets. Our results show that the LSTM classifier provides superior performance in comparison to other strong static classifiers trained. This is due to the fact that LSTM learns to look back in time and correlate consecutive connection records. For the first time ever, we have demonstrated the usefulness of LSTM networks to intrusion detection.
Keywords
Network intrusion detection, Machine learning, Time series, Feature extraction, Decision trees