Variant Gated Recurrent Units With Encoders to Preprocess Packets for Payload-Aware Intrusion Detection

This paper investigates variant-gated recurrent units with encoders to preprocess packets for payload-aware intrusion detection. The variant-gated recurrent units include an encoded gated recurrent unit (E-GRU) and an encoded binarized gated recurrent unit (E-BinGRU). First, the originally collected traffic is split into packets that are segmented into fixed length. Next, the temporal features of the segmented packets with payloads and headers are extracted by the encoders of variant-gated recurrent units. Then, the performance of the intrusion detection system (IDS) is evaluated in terms of accuracy, detection rate, and false alarm rate. It is worth noting that we use the encoder to automatically preprocess network packets to obtain the features that accurately represent the network packets. The variant-gated recurrent units automatically learn network packet payload and header features to effectively improve the detection rate of the IDS. In addition, the E-BinGRU drastically reduces the memory size required and replaces most arithmetic operations with the bit-wise operations. E-GRU and E-BinGRU have never been used before in the network intrusion detection. The experimental results based on ISCX2012 show that the intrusion detection based on the investigated variant-gated recurrent units achieves higher accuracy and detection rates than three of the state-of-the-art methods. The accuracy rates of E-GRU and E-BinGRU are up to 99.9% and 99.7%, respectively, and the detection rates of E-GRU and E-BinGRU are up to 99.9% and 99.8%, respectively. The memory usage of E-GRU is approximately 32 times that of GRU.