A Scalable and Hybrid Intrusion Detection System Based on the Convolutional-LSTM Network
With the rapid advancements of ubiquitous information and communication technologies, a large number of trustworthy online systems and services have been deployed. However, cybersecurity threats are still mounting. An intrusion detection (ID) system can play a significant role in detecting such secu...
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2019-04-01
|
Series: | Symmetry |
Subjects: | |
Online Access: | https://www.mdpi.com/2073-8994/11/4/583 |
id |
doaj-08bd9508df6c451fa362155ac8c4d6da |
---|---|
record_format |
Article |
spelling |
doaj-08bd9508df6c451fa362155ac8c4d6da2020-11-24T21:49:08ZengMDPI AGSymmetry2073-89942019-04-0111458310.3390/sym11040583sym11040583A Scalable and Hybrid Intrusion Detection System Based on the Convolutional-LSTM NetworkMuhammad Ashfaq Khan0Md. Rezaul Karim1Yangwoo Kim2Department of Information and Communication Engineering, Dongguk University, 30-Pildong-ro 1-gil, Jung-gu, Seoul 100-715, KoreaFraunhofer Institute for Applied Information Technology FIT, 53754 Sankt Augustin, GermanyDepartment of Information and Communication Engineering, Dongguk University, 30-Pildong-ro 1-gil, Jung-gu, Seoul 100-715, KoreaWith the rapid advancements of ubiquitous information and communication technologies, a large number of trustworthy online systems and services have been deployed. However, cybersecurity threats are still mounting. An intrusion detection (ID) system can play a significant role in detecting such security threats. Thus, developing an intelligent and accurate ID system is a non-trivial research problem. Existing ID systems that are typically used in traditional network intrusion detection system often fail and cannot detect many known and new security threats, largely because those approaches are based on classical machine learning methods that provide less focus on accurate feature selection and classification. Consequently, many known signatures from the attack traffic remain unidentifiable and become latent. Furthermore, since a massive network infrastructure can produce large-scale data, these approaches often fail to handle them flexibly, hence are not scalable. To address these issues and improve the accuracy and scalability, we propose a scalable and hybrid IDS, which is based on Spark ML and the convolutional-LSTM (Conv-LSTM) network. This IDS is a two-stage ID system: the first stage employs the anomaly detection module, which is based on Spark ML. The second stage acts as a misuse detection module, which is based on the Conv-LSTM network, such that both global and local latent threat signatures can be addressed. Evaluations of several baseline models in the ISCX-UNB dataset show that our hybrid IDS can identify network misuses accurately in 97.29% of cases and outperforms state-of-the-art approaches during 10-fold cross-validation tests.https://www.mdpi.com/2073-8994/11/4/583intrusion detection systemdeep learningSpark MLCNNLSTMConv-LSTM |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Muhammad Ashfaq Khan Md. Rezaul Karim Yangwoo Kim |
spellingShingle |
Muhammad Ashfaq Khan Md. Rezaul Karim Yangwoo Kim A Scalable and Hybrid Intrusion Detection System Based on the Convolutional-LSTM Network Symmetry intrusion detection system deep learning Spark ML CNN LSTM Conv-LSTM |
author_facet |
Muhammad Ashfaq Khan Md. Rezaul Karim Yangwoo Kim |
author_sort |
Muhammad Ashfaq Khan |
title |
A Scalable and Hybrid Intrusion Detection System Based on the Convolutional-LSTM Network |
title_short |
A Scalable and Hybrid Intrusion Detection System Based on the Convolutional-LSTM Network |
title_full |
A Scalable and Hybrid Intrusion Detection System Based on the Convolutional-LSTM Network |
title_fullStr |
A Scalable and Hybrid Intrusion Detection System Based on the Convolutional-LSTM Network |
title_full_unstemmed |
A Scalable and Hybrid Intrusion Detection System Based on the Convolutional-LSTM Network |
title_sort |
scalable and hybrid intrusion detection system based on the convolutional-lstm network |
publisher |
MDPI AG |
series |
Symmetry |
issn |
2073-8994 |
publishDate |
2019-04-01 |
description |
With the rapid advancements of ubiquitous information and communication technologies, a large number of trustworthy online systems and services have been deployed. However, cybersecurity threats are still mounting. An intrusion detection (ID) system can play a significant role in detecting such security threats. Thus, developing an intelligent and accurate ID system is a non-trivial research problem. Existing ID systems that are typically used in traditional network intrusion detection system often fail and cannot detect many known and new security threats, largely because those approaches are based on classical machine learning methods that provide less focus on accurate feature selection and classification. Consequently, many known signatures from the attack traffic remain unidentifiable and become latent. Furthermore, since a massive network infrastructure can produce large-scale data, these approaches often fail to handle them flexibly, hence are not scalable. To address these issues and improve the accuracy and scalability, we propose a scalable and hybrid IDS, which is based on Spark ML and the convolutional-LSTM (Conv-LSTM) network. This IDS is a two-stage ID system: the first stage employs the anomaly detection module, which is based on Spark ML. The second stage acts as a misuse detection module, which is based on the Conv-LSTM network, such that both global and local latent threat signatures can be addressed. Evaluations of several baseline models in the ISCX-UNB dataset show that our hybrid IDS can identify network misuses accurately in 97.29% of cases and outperforms state-of-the-art approaches during 10-fold cross-validation tests. |
topic |
intrusion detection system deep learning Spark ML CNN LSTM Conv-LSTM |
url |
https://www.mdpi.com/2073-8994/11/4/583 |
work_keys_str_mv |
AT muhammadashfaqkhan ascalableandhybridintrusiondetectionsystembasedontheconvolutionallstmnetwork AT mdrezaulkarim ascalableandhybridintrusiondetectionsystembasedontheconvolutionallstmnetwork AT yangwookim ascalableandhybridintrusiondetectionsystembasedontheconvolutionallstmnetwork AT muhammadashfaqkhan scalableandhybridintrusiondetectionsystembasedontheconvolutionallstmnetwork AT mdrezaulkarim scalableandhybridintrusiondetectionsystembasedontheconvolutionallstmnetwork AT yangwookim scalableandhybridintrusiondetectionsystembasedontheconvolutionallstmnetwork |
_version_ |
1725889353734946816 |