Efficient and interpretable SRU combined with TabNet for network intrusion detection in the big data environment
Abstract
While digital application infrastructure services are becoming increasingly abundant and the scale of the network continues to expand, many new network vulnerabilities and attacks (such as DoS, Botnet, and MITM) have emerged in an endless stream. The timely and accurate detection of network anomalies is of extraordinary importance for the stability of the network. Previous deep-learning-based designs have been difficult to adopt in practice because they lack interpretability. Recently, Recurrent Neural Networks have shown a superior ability to analyze high-dimensional, complex network flows. However, these methods suffer from limited parallelizability and time-consuming training, so they cannot meet the particular requirements of intrusion detection. To solve these issues, we propose an efficient and interpretable intrusion detection scheme based on simple recurrent networks (Tab-AttSRU) to identify abnormal network traffic patterns accurately. Concretely, to obtain high-quality interpretation, we utilize model-specific feature importance and a learnable mask of TabNet for soft selection. The sequential attention mechanism is used to select the decision-making features for the necessary interpretability. To realize efficient parallel computing, we combine SRU with an attention mechanism to capture latent connections between traffic at different times and implement it on Spark. The performance of the proposed method is assessed on the benchmark UNSW-NB15 and a real-world dataset, UKM-IDS20. Experimental results demonstrate the efficiency and interpretability of the proposed method.