Incident Detection with Pruned Residual Multilayer Perceptron Networks
Mohamad Soubra, Marek Kisiel-Dorohinicki, Marcin Kurdziel, Marek Zachara
DOI: http://dx.doi.org/10.15439/2023F6021
Citation: Proceedings of the 18th Conference on Computer Science and Intelligence Systems, M. Ganzha, L. Maciaszek, M. Paprzycki, D. Ślęzak (eds). ACSIS, Vol. 35, pages 1143–1148 (2023)
Abstract. Internet of things (IoT) has opened new horizons in connecting all sorts of devices to the internet. However, continuous demand for connectivity increases the cybersecurity risks, rendering IoT devices more prone to cyberattacks. At the same time, rapid advances in Deep Learning (DL)-based algorithms provide state-of-the-art results in many classification tasks, including classification of network traffic or system logs. That said, deep learning algorithms are considered computationally expensive as they require substantial processing and storage capacity. Sadly, IoT devices have limited resources, making renowned DL models hard to implement in this environment. In this paper we present a Residual Neural Network inspired DL-based Intrusion Detection System (IDS) that incorporates weight pruning to make the model more compact in size and resource consumption. Additionally, the proposed system leverages feature selection algorithms to reduce the feature-space size. The model was trained on the NSL-KDD dataset benchmark. Experimental results show that the proposed system is effective, being able to classify network traffic with an F1 score of up to 98.9% before the pruning and an F1 score of up to 97.5% after pruning 90% of network weights.