A Simple Recurrent Unit Model Based Intrusion Detection System With DCGAN

Due to the complex and time-varying network environments, traditional methods are difficult to extract accurate features of intrusion behavior from the high-dimensional data samples and process the high-volume of these data efficiently. Even worse, the network intrusion samples are submerged into a large number of normal data packets, which leads to insufficient samples for model training; therefore it is accompanied by high false detection rates. To address the challenge of unbalanced positive and negative learning samples, we propose using deep convolutional generative adversarial networks (DCGAN), which allows features to be extracted directly from the rawdata, and then generates new training-sets by learning from the rawdata. Given the fact that the attack samples are usually intra-dependent time sequence data, we apply long short-term memory (LSTM) to automatically learn the features of network intrusion behaviors. However, it is hard to parallelize the learning/training of the LSTM network, since the LSTM algorithm depends on the result of the previous moment. To remove such dependency and enable intrusion detection in real time, we propose a simple recurrent unit based (SRU)-based model. The proposed model was verified by extensive experiments on the benchmark datasets KDD'99 and NSL-KDD, which effectively identifies normal and abnormal network activities. It achieves 99.73% accuracy on the KDD'99 dataset and 99.62% on the NSL-KDD dataset.