International Journal of Network Security & Its Applications (IJNSA)
ISSN: 0974 - 9330 (Online); 0975 - 2307 (Print)
A Combination of Temporal Sequence Learning and Data Description for Anomaly - based NIDS
Nguyen Thanh Van1,2, Tran Ngoc Thinh1 and Le Thanh Sach1, 1Ho Chi Minh City University of Technology, VietNam and 2Ho Chi Minh City University of Technology and Education, VietNam
Abstract
Through continuous observation and modelling of normal behavior in networks, Anomaly-based Network Intrusion Detection System (A-NIDS) offers a way to find possible threats via deviation from the normal model. The analysis of network traffic based on time series model has the advantage of exploiting the relationship between packages within network traffic and observing trends of behaviors over a period of time. It will generate new sequences with good features that support anomaly detection in network traffic and provide the ability to detect new attacks. Besides, an anomaly detection technique, which focuses on the normal data and aims to build a description of it, will be an effective technique for anomaly detection in imbalanced data. In this paper, we propose a combination model of Long Short Term Memory (LSTM) architecture for processing time series and a data description Support Vector Data Description (SVDD) for anomaly detection in A-NIDS to obtain the advantages of them. This model helps parameters in LSTM and SVDD are jointly trained with joint optimization method. Our experimental results with KDD99 dataset show that the proposed combined model obtains high performance in intrusion detection, especially DoS and Probe attacks with 98.0% and 99.8%, respectively.
Keywords
Anomaly-based network intrusion detection system, temporal sequence, data description
