A Hybrid Deep Neural Network Method for Preventing Intrusion in Computer Networks
Subject areas: Multimedia Processing, Communication Systems, Intelligent Systems
Mohsen Roknaldini 1, Erfaneh Noroozi 2
1 - Department of Computer Engineering, Qeshm Branch, Islamic Azad University, Qeshm, Iran
2 - Department of Computer Engineering, Sepidan Branch, Islamic Azad University, Fars, Iran
Keywords: deep learning, neural network, feature selection, intrusion detection system
Abstract:
This study examines and presents a hybrid deep neural network method for preventing intrusion in computer networks. The main goal of this research is to increase the efficiency of the intrusion detection system. To achieve this goal, a hybrid method of deep learning and artificial neural networks is proposed. Using deep neural networks, this method detects more complex features and improves the model's performance. By using hybrid methods, including combining neural network architectures, features, outputs, and the results of different neural networks, the diversity and detection power of the model increase and its accuracy and performance improve. Simulation results show that deep neural network methods such as MLP, CNN, LSTM, and GRU give good results compared to other single-layer machine learning methods. In this study, two hybrid deep neural network methods, CNN-GRU and CNN-LSTM, were introduced and tested on the KDD CUP'99 dataset for overall analysis and evaluation. The two hybrid approaches have high accuracy and lower classification error than the other methods introduced; therefore, it can be concluded that the hybrid CNN-LSTM method performs well on the KDD CUP'99 dataset.
Introduction: Computer networks now have a significant impact on daily life, which has made cybersecurity a crucial area of research. Cybersecurity techniques mainly encompass antivirus software, firewalls, and intrusion detection systems. The intrusion detection system is one of the fundamental security tools for computer networks and systems. Its primary goal is to identify and alert on any unauthorized activities, threats, or attacks on a system or network. By analyzing data flows and network/system events, the intrusion detection system attempts to identify patterns and indicators related to various attacks and intrusions. Intrusion detection systems can operate based on rules or on learning. In the rule-based approach, algorithms and rules created by security experts and analysts are used to detect patterns and identify attacks. In the machine learning approach, machine learning algorithms and deep neural networks are employed to extract attack-related patterns and features from real data.
Method: This study focuses on the examination and presentation of a combined approach using deep neural networks to prevent intrusions in computer networks. The primary objective of this research is to enhance the efficiency of intrusion detection systems. To achieve this goal, a combined approach of deep learning and artificial neural networks is proposed. This approach utilizes deep neural networks to detect more complex features and improves the model's performance.
Results: Simulation results demonstrate that deep neural network methods such as MLP, CNN, LSTM, and GRU yield favorable outcomes compared to other single-layer machine learning techniques. In this study, two combined methods, CNN-GRU and CNN-LSTM, were introduced and tested on the KDD CUP'99 dataset for comprehensive analysis and evaluation. Both combined approaches exhibit high accuracy and lower classification errors compared to other introduced methods. Therefore, it can be concluded that the CNN-LSTM combined approach performs well on the KDD CUP'99 dataset.
Discussion: Based on the achieved results, the combined CNN-LSTM and CNN-GRU methods offer very good performance, with accuracies of 99.95% and 99.92%, respectively, on the KDD CUP'99 dataset. Minor differences between these methods may exist in some per-class performance parameters, yet both approaches remain acceptable. Hence, it can be concluded that the combined CNN-LSTM approach performs well on the KDD CUP'99 dataset.