Journal: Future Internet

Comparison of Machine Learning and Deep Learning Models for Network Intrusion Detection Systems

Abstract

The development of robust anomaly-based network detection systems, which are preferred over static signal-based network intrusion detection, is vital for cybersecurity. A flexible and dynamic security system is required to tackle new attacks. Current intrusion detection systems (IDSs) struggle to attain both a high detection rate and a low false alarm rate. To address this issue, in this paper, we propose an IDS using different machine learning (ML) and deep learning (DL) models. This paper presents a comparative analysis of different ML models and DL models on the Coburg intrusion detection datasets (CIDDSs). First, we compare different ML- and DL-based models on the CIDDS dataset. Second, we propose an ensemble model that combines the best ML and DL models to achieve high-performance metrics. Finally, we benchmarked our best models with the CIC-IDS2017 dataset and compared them with state-of-the-art models. While popular IDS datasets like KDD99 and NSL-KDD fail to represent recent attacks and suffer from network biases, CIDDS, used in this research, encompasses labeled flow-based data in a simulated office environment with both updated attacks and normal usage. Furthermore, both accuracy and interpretability must be considered while implementing AI models. Both ML and DL models achieved an accuracy of 99% on the CIDDS dataset with a high detection rate, low false alarm rate, and relatively low training costs. Feature importance was also studied using the classification and regression tree (CART) model. Our models performed well in 10-fold cross-validation and independent testing. CART and a convolutional neural network (CNN) with embedding achieved slightly better performance on the CIC-IDS2017 dataset compared to previous models. Together, these results suggest that both ML and DL methods are robust and complementary techniques for an effective network intrusion detection system.