Automatic Intrusion Detection System Using Deep Recurrent Neural Network Paradigm

Ahmed Elsherif


Network security field had gained research community attention in the last decade due to its growing importance. This paper addresses directly one vital problem in that field is “Intrusion Detection System” (IDS). As much as many researchers tackle this problem, many challenges arise while converting this research to reliable automatic system. The biggest challenge is to make the system works with low false alarm with new unseen threats. In this paper, we address this challenge by building a descriptive model using different models of deep Recurrent Neural Network (RNNs). (RNN) models has the ability to generalize the knowledge that can be used to identify seen and unseen threats. This generalization comes from RNN capabilities to define in its terms the normal behavior and the deviation accepted to be normal. Four different models of RNN were tested on a benchmark dataset, NSL-KDD, which is a standard test dataset for network intrusion. The proposed system showed superiority over other previously developed systems according to the standard measurements: accuracy, recall, precision and f-measure.

Full Text:



Abie, H., & Balasingham, I. (2012, February). Risk-based adaptive security for smart IoT in eHealth. In Proceedings of the 7th International Conference on Body Area Networks (pp. 269-275). ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering).

Luo, X., Liu, J., Zhang, D., & Chang, X. (2016). A large-scale web QoS prediction scheme for the Industrial Internet of Things based on a kernel machine learning algorithm. Computer Networks, 101, 81-89.

Xu, K., Wang, X., Wei, W., Song, H., & Mao, B. (2016). Toward software defined smart home. IEEE Communications Magazine, 54(5), 116-122

Clinefelter, D. L., & Aslanian, C. B. (2015). Online College Students 2015: Comprehensive data on demands and preferences. Louisville, KY: The Learning House, Inc.

* Mullainathan, Sendhil, and Jann Spiess. 2017. “Machine Learning: An Applied Econometric Approach.” Journal of Economic Perspectives 31 (2): 87–106.

Kim, J., Kim, J., & Kim, H. (2015). An Approach to Build an Efficient Intrusion Detection Classifier. JOURNAL OF PLATFORM TECHNOLOGY, 3(4), 43-52.

B. Mukherjee, L. T. Heberlein, and K. N. Levitt, “Network intrusion detection,” IEEE Netw., vol. 8, no. 3, pp. 26–41, May 1994.

SANS Institute, “The History and Evolution of Intrusion Detection.” [Online]. Available: whitepapers/detection/history-evolution-intrusion-detection-344. [last seen : 8-Jan- 2017]

R. Mitchell and I.-R. Chen, “A survey of intrusion detection techniques for cyber-physical systems,” ACM Comput. Surv., vol. 46, no. 4, pp. 1–29, Mar. 2014.

Farooq, M. U., Waseem, M., Khairi, A., & Mazhar, S. (2015). A critical analysis on the security concerns of the internet of things (IoT). International Journal of Computer Applications, 111(7)

Fiore, Ugo and Palmieri, Francesco and Castiglione, Aniello and De Santis, Alfredo, Network AnomalyDetection with the Restricted Boltzmann Machine," Neurocomput., vol. 122, pp. 13{23, 2013.

Dua, S., & Du, X. (2016). Data mining and machine learning in cybersecurity. CRC press.

Esmalifalak, M., Liu, L., Nguyen, N., Zheng, R., & Han, Z. (2014). Detecting stealthy false data injection using machine learning in smart grid. IEEE Systems Journal.

H. Debar, M. Dacier, and A. Wespi, “A revised taxonomy for intrusion-detection systems,” Ann. Des Télécommunications, vol. 55, no. 7–8, pp. 361–378.

J. Shun and H. a. Malki, “Network Intrusion Detection System Using Neural Networks,” 2008 Fourth Int. Conf. Nat. Comput., vol. 5, pp. 242–246, 2008.

Hasan, M. A. M., Nasser, M., Ahmad, S., & Molla, K. I. (2016). Feature Selection for Intrusion Detection Using Random Forest. Journal of Information Security, 7(03), 129.

Li Deng, “A tutorial survey of architectures, algorithms, and applications for deep learning,” APSIPA Trans. Signal Inf. Process., vol. 3, no. e2, pp. 1--29, 2014.

Bengio Y., Courville A. C., Vincent P. (2012); Unsupervised feature learning and deep learning: A review and new perspectives, CoRR, abs/1206.5538, 1, 2012.

Bengio Y., Goodfellow I. J., Courville A. (2016); Deep Learning, The MIT Press, 2016.

Conorich, D. G. (2004). Monitoring intrusion detection systems: From data to knowledge. Information Systems Security 13(2), 19- 30. Retrieved October 02, 2006, from WilsonSelect Plus database

Moses Garuba, Chunmei Liu, and Duane Fraites, “Intrusion Techniques : Comparative study of Intrusion Detection Systems”, 5th International Conference on Information Technolgy, IEEE 2008

Teenam Bansode, B.B.Meshram, “Intrusion Prevention System: for End Users”, International Conference Ahmadnagar, March 2009.

R. Heady, G.F. Luger, A. Maccabe and M. Servilla, “The architecture of a Network Level Intrusion Detection System,” Department of Computer Science, College of Engineering, University of New Mexico, 1990, pp. 1-17.

R. Bace and P. Mell, “NIST Special Publication on Intrusion Detection Systems,” Booz- Allen and Hamilton inc, Mclean VA, 2001, pp. 5-22.

B. Shanmugam and N. B. Idris, Hybrid intrusion detection systems (HIDS) using Fuzzy logic. INTECH Open Access Publisher, 2011.

R. P. R. I. Sravan Kumar Jonnalagadda, “A Literature Survey and Comprehensive Study of Intrusion Detection,” Int. J. Comput. Appl., vol. 11, no. 81(16), pp. 40–47, 2013.

R. Mitchell and I.-R. Chen, “A survey of intrusion detection techniques for cyber-physical systems,” ACM Comput. Surv., vol. 46, no. 4, pp. 1–29, Mar. 2014.

McHugh, J., Christie, A., & Allen, J. (2000). Defending yourself: The role of intrusion detection systems. IEEE Software 17(5), 42- 51. Retrieved October 2, 2006, from IEEE Computer Society Digital Library database.

M. Tavallaee, E. Bagheri, W. Lu, and A. Ghorbani, A detailed analysis of the KDD CUP 99 data set, 2009 IEEE Int. Conf. Comput. Intell. Security Defense Appl., 2009, pp. 53–58.

R. Mitchell and I.-R. Chen, “A survey of intrusion detection techniques for cyber-physical systems,” ACM Comput. Surv., vol. 46, no. 4, pp. 1–29, Mar. 2014.

N. K. Mittal, “A survey on Wireless Sensor Network for Community Intrusion Detection Systems,” in 2016 3rd International Conference on Recent Advances in Information Technology (RAIT), 2016, pp. 107–111.

J. Shun and H. a. Malki, “Network Intrusion Detection System Using Neural Networks,” 2008 Fourth Int. Conf. Nat. Comput., vol. 5, pp. 242–246, 2008.

A. G. Tokhtabayev and V. A. Skormin, “Non- Stationary Markov Models and Anomaly Propagation Analysis in IDS,” in Third International Symposium on Information Assurance and Security, 2007, pp. 203–208.

R. Mandal and S. Yadav, “An improved intrusion system design using hybrid classification technique,” International Journal of Computer Applications, vol. 117, no. 10, 2015

S. H. Vasudeo, P. Patil, and R. V. Kumar, “IMMIX-intrusion detection and prevention system,” in 2015 International Conference on Smart Technologies and Management for Computing, Communication, Controls, Energy and Materials (ICSTM), 2015, pp. 96–101.

R. S. Naoum, N. A. Abid, and Z. N. Al-Sultani, An Enhanced Resilient Back-propagation Artificial Neural Network for Intrusion Detection System, International Journal of Computer Science and Network Security, vol. 12, no. 3, pp. 11{16, 2012.

H.-s. Chae, B.-o. Jo, S.-H. Choi, and T.-k. Park, Feature Selection for Intrusion Detection using NSL-KDD," Recent Advances in Computer Science, pp. 184-187, 2013.

S. Thaseen and C. A. Kumar, An Analysis of Supervised Tree based Classifiers for Intrusion Detection System," in Pattern Recognition, Informatics and Mobile Engineering (PRIME), 2013International Conference on, pp. 294-299, IEEE, 2013.

M. Panda, A. Abraham, and M. R. Patra, Discriminative Multinomial Naive Bayes for Network Intrusion Detection," in Information Assurance and Security (IAS), 2010 Sixth International Conference on, pp. 5-10, IEEE, 2010.

H. F. Eid, A. Darwish, A. E. Hassanien, and A. Abraham, Principle Components Analysis and Support Vector Machine based Intrusion Detection System," in Intelligent Systems Design and Applications (ISDA), 2010 10th International Conference on, pp. 363-367, IEEE, 2010.

I. Syarif, A. Prugel-Bennett, and G. Wills, Unsupervised Clustering Approach for Network Anomaly Detection," in Networked Digital Technologies, pp. 135{145, Springer, 2012.

J. Kim, J. Kim, H. L. T. Thu, and H. Kim, “Long Short Term Memory Recurrent Neural Network Classifier for Intrusion Detection,” in 2016 International Conference on Platform Technology and Service (PlatCon), 2016, pp. 1–5.

U. Fiore, F. Palmieri, A. Castiglione, and A. De Santis, “Network anomaly detection with the restricted Boltzmann machine,” Neurocomputing, vol. 122, pp. 13–23, Dec. 2013

M. Z. Alom, V. Bontupalli, and T. M. Taha, “Intrusion detection using deep belief networks,” in 2015 National Aerospace and Electronics Conference (NAECON), 2015, pp. 339–344

utskever, I. Vinyals, O. & Le. Q. V. Sequence to sequence learning with neural networks. InProc. Advances in Neural Information Processing Systems 27 3104–3112 (2014).

Gers, F.A., Schraudolph, N.N., Schmidhuber, J.: Learning precise timing with LSTM recurrent networks. Journal of Machine Learning Research 3, 115–143 (2003)

J. McHugh, “Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory,” ACM Transactions on Information and System Security, vol. 3, no. 4, pp. 262–294, 2000.


  • There are currently no refbacks.