CR, LG · Aug 18, 2021

Learning to Detect: A Data-driven Approach for Network Intrusion Detection

arXiv:2108.08394v1 · 15 citations
Originality: Incremental advance
AI Analysis

This work addresses intrusion detection for network security, but it is incremental as it builds on existing methods with a hierarchical approach and oversampling techniques.

The paper tackles network intrusion detection by using a hierarchical strategy that first classifies intrusion vs. normal behavior and then specific attack types, demonstrating advantages of unsupervised representation learning for binary detection and addressing data imbalance with SVM-SMOTE oversampling in 4-class classification.

With massive data being generated daily and the ever-increasing interconnectivity of the world's Internet infrastructures, a machine-learning-based intrusion detection system (IDS) has become a vital component to protect our economic and national security. In this paper, we perform a comprehensive study on NSL-KDD, a network traffic dataset, by visualizing patterns and employing different learning-based models to detect cyber attacks. Unlike previous shallow learning and deep learning models that use the single learning model approach for intrusion detection, we adopt a hierarchy strategy, in which the intrusion and normal behavior are classified first, and then the specific types of attacks are classified. We demonstrate the advantage of the unsupervised representation learning model in binary intrusion detection tasks. Besides, we alleviate the data imbalance problem with the SVM-SMOTE oversampling technique in 4-class classification and further demonstrate the effectiveness and the drawback of the oversampling mechanism with a deep neural network as a base model.
