BAT: Deep Learning Methods on Network Intrusion Detection Using NSL-KDD Dataset

Intrusion detection can identify unknown attacks from network traffics and has been an effective means of network security. Nowadays, existing methods for network anomaly detection are usually based on traditional machine learning models, such as KNN, SVM, etc. Although these methods can obtain some...

Bibliographic details
Published in: IEEE access 2020, Vol.8, p.29575-29585
Main authors: Su, Tongtong, Sun, Huazhi, Zhu, Jinqi, Wang, Sheng, Li, Yabo
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 29585
container_issue
container_start_page 29575
container_title IEEE access
container_volume 8
creator Su, Tongtong
Sun, Huazhi
Zhu, Jinqi
Wang, Sheng
Li, Yabo
description Intrusion detection can identify unknown attacks from network traffics and has been an effective means of network security. Nowadays, existing methods for network anomaly detection are usually based on traditional machine learning models, such as KNN, SVM, etc. Although these methods can obtain some outstanding features, they get a relatively low accuracy and rely heavily on manual design of traffic features, which has been obsolete in the age of big data. To solve the problems of low accuracy and feature engineering in intrusion detection, a traffic anomaly detection model BAT is proposed. The BAT model combines BLSTM (Bidirectional Long Short-term memory) and attention mechanism. Attention mechanism is used to screen the network flow vector composed of packet vectors generated by the BLSTM model, which can obtain the key features for network traffic classification. In addition, we adopt multiple convolutional layers to capture the local features of traffic data. As multiple convolutional layers are used to process data samples, we refer BAT model as BAT-MC. The softmax classifier is used for network traffic classification. The proposed end-to-end model does not use any feature engineering skills and can automatically learn the key features of the hierarchy. It can well describe the network traffic behavior and improve the ability of anomaly detection effectively. We test our model on a public benchmark dataset, and the experimental results demonstrate our model has better performance than other comparison methods.
doi_str_mv 10.1109/ACCESS.2020.2972627
format Article
fulltext fulltext
identifier ISSN: 2169-3536
ispartof IEEE access, 2020, Vol.8, p.29575-29585
issn 2169-3536
2169-3536
language eng
recordid cdi_proquest_journals_2454731855
source IEEE Open Access Journals; DOAJ Directory of Open Access Journals; EZB-FREE-00999 freely available EZB journals
subjects Anomalies
Anomaly detection
attention mechanism
BLSTM
Classification
Communications traffic
Datasets
Deep learning
Feature extraction
Intrusion detection
Intrusion detection systems
Machine learning
Machine learning algorithms
Model testing
Network traffic
Obsolescence
Pattern matching
Traffic engineering
Traffic models
title BAT: Deep Learning Methods on Network Intrusion Detection Using NSL-KDD Dataset
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-05T23%3A29%3A43IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=BAT:%20Deep%20Learning%20Methods%20on%20Network%20Intrusion%20Detection%20Using%20NSL-KDD%20Dataset&rft.jtitle=IEEE%20access&rft.au=Su,%20Tongtong&rft.date=2020&rft.volume=8&rft.spage=29575&rft.epage=29585&rft.pages=29575-29585&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2020.2972627&rft_dat=%3Cproquest_cross%3E2454731855%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2454731855&rft_id=info:pmid/&rft_ieee_id=8988230&rft_doaj_id=oai_doaj_org_article_a5196c430cf14cd78ce15e638537b408&rfr_iscdi=true