Deep learning techniques for network intrusion detection

Abstract

With the increasing prevalence of security threats and the exponential growth of network traffic, the need for robust and efficient Intrusion Detection Systems (IDS) has reached a critical point in the field of cybersecurity. Machine Learning (ML) and other anomaly detection techniques play a crucial role in identifying and isolating anomalous elements within network traffic data.

The aim of this work was to leverage transformer networks, a Deep Learning (DL) - based model, to develop a dynamic and efficient IDS capable of identifying and categorising cyberattacks. To assess the effectiveness of this model, extensive experiments were carried out on the widely accessible Canadian Institute for Cybersecurity IDS 2017 (CICIDS2017) dataset, encompassing a diverse array of threats such as Distributed Denial of Service (DDoS), brute force, Cross-Site Scripting (XSS), Structured Query Language (SQL) injection, and Botnet (BoT) activities. The proposed model underwent thorough evaluation and comparison against classical ML algorithms, including Random Forest (RF), Support Vector Machine (SVM) and Vanilla Neural Network (VNN), as well as DL models such as Recurrent Neural Network (RNN), Convolutional Neural Network (CNN), and Long Short-Term Memory (LSTM). The assessment, utilising fundamental performance metrics including accuracy, precision, recall, and f1-score, underscored the effectiveness of the transformer network in detecting network intrusion threats. Specifically focusing on overall benign (non-malicious) and Denial of Service (DoS) GoldenEye binary classification within the CICIDS2017 dataset, the results unveiled impressive metrics: a precision of 99%, recall of 96%, f1-score of 97%, and an accuracy of 98%, achieved within a processing time of 513 seconds.