A Scalable and Hybrid Intrusion Detection System Based on the Convolutional-LSTM Network


Bibliographic Details
Main Authors: Muhammad Ashfaq Khan, Md. Rezaul Karim, Yangwoo Kim
Format: Article
Language: English
Published: MDPI AG 2019-04-01
Series: Symmetry
Subjects: CNN
Online Access: https://www.mdpi.com/2073-8994/11/4/583
DOI: 10.3390/sym11040583
Journal: Symmetry, Vol. 11, No. 4, Article 583 (2019-04-01), ISSN 2073-8994

Authors and affiliations:
Muhammad Ashfaq Khan, Department of Information and Communication Engineering, Dongguk University, 30-Pildong-ro 1-gil, Jung-gu, Seoul 100-715, Korea
Md. Rezaul Karim, Fraunhofer Institute for Applied Information Technology FIT, 53754 Sankt Augustin, Germany
Yangwoo Kim, Department of Information and Communication Engineering, Dongguk University, 30-Pildong-ro 1-gil, Jung-gu, Seoul 100-715, Korea

Abstract: With the rapid advancements of ubiquitous information and communication technologies, a large number of trustworthy online systems and services have been deployed. However, cybersecurity threats are still mounting. An intrusion detection (ID) system can play a significant role in detecting such security threats. Thus, developing an intelligent and accurate ID system is a non-trivial research problem. Existing ID systems that are typically used in traditional network intrusion detection systems often fail and cannot detect many known and new security threats, largely because those approaches are based on classical machine learning methods that provide less focus on accurate feature selection and classification. Consequently, many known signatures from the attack traffic remain unidentifiable and become latent. Furthermore, since a massive network infrastructure can produce large-scale data, these approaches often fail to handle them flexibly, and hence are not scalable. To address these issues and improve the accuracy and scalability, we propose a scalable and hybrid IDS, which is based on Spark ML and the convolutional-LSTM (Conv-LSTM) network. This IDS is a two-stage ID system: the first stage employs the anomaly detection module, which is based on Spark ML. The second stage acts as a misuse detection module, which is based on the Conv-LSTM network, such that both global and local latent threat signatures can be addressed. Evaluations of several baseline models on the ISCX-UNB dataset show that our hybrid IDS can identify network misuses accurately in 97.29% of cases and outperforms state-of-the-art approaches during 10-fold cross-validation tests.

Keywords: intrusion detection system; deep learning; Spark ML; CNN; LSTM; Conv-LSTM