DDR Scheme and LSTM RNN Algorithm for Building an Efficient IDS
Abstract
The growth in the IT sector is reaching new pinnacles day by day, and hence the number of devices
that are connected through the Internet has increased tremendously, resulting in Big Data issues,
more computation time and an increased rate of malicious activities. The vulnerabilities in the
network or devices give an open invitation to hackers to carry out malicious activities, by which
the organization and the end user have to bear a huge loss. Thus, in order to provide more security,
Intrusion Detection Systems (IDS) were introduced, which have played a major role in security
over the past few years.
IDS and the huge amount of data it uses are inter-related when it comes to speed and time.
Data collected from data packets contains a lot of irrelevant information, which adds to the
size and dimension of the data sets used by IDS, leading to the high dimensionality
problem. IDS encounters many problems, such as a low detection rate and high false
positive rates, due to the sheer quantity of data. In order to develop an efficient IDS, data mining
strategy plays a significant role in the field of data analysis. In this sense, high dimensional data is
the fundamental problem. To reduce the dataset in an effective way, we proposed a Data
Dimensionality Reduction (DDR) scheme which reduces the number of features and tuples in the
training set to find a better detection rate. Our scheme has been evaluated based on four
classifiers (XGBoost, SVM, CTree, Nnet). For this experiment, the benchmark dataset NSL-KDD
and the latest intrusion dataset, CICIDS 2017, have been used.
To further enhance the detection rate and lower the false alarm rate of IDS, a second approach has
been proposed, based upon a Deep Neural Network. Out of the several deep neural network techniques
available, this research focuses on one type of Recurrent Neural Network called Long Short-Term
Memory (LSTM). The TensorFlow and Keras libraries have been used to build and train a deep
neural network model to detect the presence of malicious activities on a network. This model can
be used to develop an Intrusion Detection System (IDS) to aid in detecting different types of attacks
on the network. Also, at the completion of this work, the produced model is expected to
have higher detection accuracy rates and a low false alarm rate. This deep learning model has
also been evaluated on both datasets (NSL-KDD and CICIDS 2017). Besides this, a comparison
between the two proposed approaches is also presented in this work.
