An intrusion detection system (IDS) is a piece of hardware or software that looks for malicious activity, policy violations, or security flaws in a network or system. An IDS protects hosts or networks by looking for indications of known attacks or deviations from normal behavior; the network-based variant is called a network-based intrusion detection system, or NIDS for short. Due to the rapidly increasing amount of network data, traditional IDSs are far from being able to quickly and efficiently identify complex and varied network attacks, especially those linked to low-frequency attacks. In this study we propose SCGNet (Stacked Convolution with Gated Recurrent Unit Network), a novel deep learning architecture. It exhibits promising results on the NSL-KDD dataset in both tasks, network attack detection and attack type classification, with 99.76% and 98.92% accuracy, respectively. We also introduce a general data preprocessing pipeline that is easily applicable to other similar datasets, and we experiment with conventional machine-learning techniques to evaluate the performance of that pipeline.