A hybrid intrusion detection system with K-means and CNN+LSTM

DOI:

https://doi.org/10.4108/eetsis.5667

Keywords:

Intrusion detection systems, anomaly detection, NSL-KDD, K-means, CNN, LSTM

Abstract

An intrusion detection system (IDS) plays an important role because it provides an efficient mechanism to prevent or mitigate cyberattacks. With recent advances in artificial intelligence (AI), many deep learning methods have been proposed for intrusion anomaly detection to improve network security. In this research, we present a novel hybrid framework called KCLSTM, which combines the K-means clustering algorithm with a convolutional neural network (CNN) and long short-term memory (LSTM) architecture for binary classification in intrusion detection systems. Extensive experiments are conducted to evaluate the performance of the proposed model on the well-known NSL-KDD dataset in terms of accuracy, precision, recall, F1-score, detection rate (DR), and false alarm rate (FAR). The results are compared with traditional machine learning approaches and deep learning methods. The proposed model demonstrates superior performance in terms of accuracy, DR, and F1-score, showcasing its effectiveness in identifying network intrusions accurately while minimizing false positives.

Published

26-06-2024

How to Cite

1. Lv H, Ding Y. A hybrid intrusion detection system with K-means and CNN+LSTM. EAI Endorsed Scal Inf Syst [Internet]. 2024 Jun. 26 [cited 2024 Jul. 3];11(6). Available from: https://publications.eai.eu/index.php/sis/article/view/5667