Deep Feature Extraction in Intrusion Detection System

Abstract

With the development of network technology and the updating of intelligent networking devices, the variety of cyber attacks and the number of users being attacked are increasing. Intrusion Detection Systems (IDS) are commonly used in the field of network security to detect anomalous activity and behavior. Many previous works have achieved high detection accuracy on standard testing data sets by implementing mature Machine Learning (ML) algorithms. Inspired by the network ontology researches,, we propose two Long Short-Term Memory (LSTM) based IDSs with deep feature extraction: multi-class feature extraction IDS and dual-class feature extraction IDS. Through our experiments on the CICIDS2017 data set, we have found that multi-class feature extraction IDS can better identify the types of cyber attacks while the dual-class feature extraction IDS can better recall new attacks. We conclude that when the structure and characteristics of the classifier are limited, a reasonable selection of the feature extraction space can help improve the characteristics of the classifier and better achieve the downstream tasks in the security field.