1. Introduction
The world is moving towards digitization and relies on more and more automated intelligent machines for tasks ranging from simple to highly complex and critical. This creates opportunities for malicious actors seeking financial and other gains, and as a result the global infrastructure is highly exposed to cyber threats. Several laws have been proposed to penalize malevolent actors and to provide protection against these threats, but law alone is not sufficient to ensure security in critical infrastructures. The current trend of cyber-attacks (Embroker, n.d.) against various global infrastructure sectors requires highly robust and dynamic solutions and laws, which together act as a protective wall against intruders and attackers. The main challenge in this field is handling the vast amount of traffic data generated by cyber platforms when designing security frameworks for cyber-attack detection. Machine learning (ML) and deep learning (DL) are two popular approaches for handling high volumes of network traffic data. They assist in designing an intelligent framework that can be either static or dynamic; with proper implementation, such a framework can adapt to future trends in attacks. Compared to traditional machine learning techniques, deep learning can work directly on unorganized raw data, dispensing with separate data preprocessing and feature engineering steps.
An intrusion detection system (IDS) is one of the techniques used to defend against known and unknown cyber-attacks. It can be defined as a method or tool that passively monitors a copy of real-time traffic to detect any intrusive or malicious traffic in the network. Most work on IDS is broadly categorized as a) signature-based, b) anomaly-based and c) hybrid. The first category relies solely on extracted attack patterns to find intrusive traffic, whereas the anomaly-based approach looks for deviations of incoming traffic from the normal traffic profile on which the detector was trained. Most existing work on IDS (Rawat et al., n.d.) applies traditional machine learning approaches. IDS can further be subcategorized by where they are deployed into network-based and host-based systems.
Motivation: Tree-based algorithms have the advantage of generating human-readable decisions, which assist security experts in detecting malicious traffic. Most tree-based algorithms rely on traditional feature selection methods for feature extraction, which is difficult in real-time traffic scenarios because of the high traffic volume. The deep learning approach has the advantage over traditional machine learning techniques that it does not need separate feature selection and extraction steps. It also learns parameters that better fit the training data, which improves classification performance.
This motivates the authors of this paper to propose a hybrid approach that combines a deep autoencoder with ML classifiers for attack detection and evaluation. The autoencoder (AE) acts as a feature optimization tool in place of the traditional methods. The performance of the autoencoder is evaluated for different numbers of neurons in the bottleneck layer. The feature vector for which the reconstruction error of the AE is lowest is then applied to several ML classification and regression models (Decision tree, Random Forest, XGBoost, Logistic Regression and SVM) on three different datasets, NSL-KDD (Tavallaee et al., 2009), UNSW-NB15 (Moustafa & Slay, 2015) and BoT-IoT (Koroniotis et al., 2019), in a sequential fashion. The accuracy of the proposed framework is 77.85% for NSL-KDD, 80.89% for UNSW-NB15 and 99.98% for Bot-IoT. The result analysis shows promising performance of the proposed work on each model where the AE is applied as a feature optimization tool.
The contributions of the paper are summarized below:
• Deal with the class imbalance problem using the SMOTE technique.
• Propose the autoencoder (AE) as a feature selection technique in contrast to traditional methods such as filter and wrapper approaches.
• Use different traditional datasets (NSL-KDD, UNSW-NB15 and Bot-IoT) to show the effectiveness of the AE as a feature selector.
• Design an IDS applying several ML classification and regression models (Decision tree, Random Forest, XGBoost, Logistic Regression and SVM). These models use the learned code of the bottleneck layer of the AE, which is trained and tested against each of the aforesaid traditional datasets.
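The pipeline sketched in the proposal and the contribution list above (balance the classes with SMOTE, train one autoencoder per bottleneck size, keep the code with the lowest reconstruction error, and feed that code to a classifier), as an added example in Python that is not the paper's code. Assumptions: a linear, tied-weight autoencoder trained by gradient descent stands in for the paper's deep autoencoder; a nearest-centroid classifier stands in for the ML models (Decision tree, Random Forest, XGBoost, Logistic Regression, SVM); the simplified SMOTE interpolates between random minority pairs rather than k nearest neighbours; and all flow feature vectors are constructed, not taken from NSL-KDD, UNSW-NB15 or BoT-IoT.

```python
"""Autoencoder as feature optimizer for an IDS classifier (added example).

Assumptions (not from the paper): linear tied-weight AE via gradient descent,
nearest-centroid classifier, simplified SMOTE, constructed 5-feature records.
"""
import random

D = 5  # raw flow features per record (constructed)


def make_dataset(n_normal, n_attack, seed=0):
    """Constructed records: each 5-d vector is a noisy mix of two latent
    factors whose mean depends on the class (0 = normal, 1 = attack)."""
    rng = random.Random(seed)
    u = [0.6, 0.0, 0.8, 0.0, 0.0]  # two orthonormal latent directions
    v = [0.0, 0.6, 0.0, 0.8, 0.0]
    X, y = [], []
    for label, n, mean in ((0, n_normal, (1.0, 0.3)), (1, n_attack, (-0.8, 1.2))):
        for _ in range(n):
            z = [mean[0] + rng.gauss(0, 0.25), mean[1] + rng.gauss(0, 0.25)]
            X.append([z[0] * u[i] + z[1] * v[i] + rng.gauss(0, 0.05) for i in range(D)])
            y.append(label)
    return X, y


def smote(X, y, minority=1, seed=0):
    """Oversample the minority class by interpolating between two random
    minority records until the classes are balanced (simplified SMOTE)."""
    rng = random.Random(seed)
    minority_rows = [x for x, lab in zip(X, y) if lab == minority]
    majority_count = sum(1 for lab in y if lab != minority)
    synthetic = []
    while len(minority_rows) + len(synthetic) < majority_count:
        a, b = rng.sample(minority_rows, 2)
        t = rng.random()
        synthetic.append([ai + t * (bi - ai) for ai, bi in zip(a, b)])
    return X + synthetic, y + [minority] * len(synthetic)


def encode(W, x):
    """Bottleneck code h = W x (W is k x D)."""
    return [sum(wj[i] * x[i] for i in range(D)) for wj in W]


def train_autoencoder(X, k, epochs=40, lr=0.01, seed=0):
    """Tied-weight linear AE: reconstruction = W^T W x. Per-record gradient
    descent on the squared reconstruction error ||x - W^T W x||^2."""
    rng = random.Random(seed)
    W = [[rng.gauss(0, 0.1) for _ in range(D)] for _ in range(k)]
    for _ in range(epochs):
        for x in X:
            h = encode(W, x)
            xhat = [sum(W[j][i] * h[j] for j in range(k)) for i in range(D)]
            r = [x[i] - xhat[i] for i in range(D)]          # residual
            Wr = encode(W, r)
            for j in range(k):                              # W -= lr * dL/dW
                for i in range(D):
                    W[j][i] += 2 * lr * (h[j] * r[i] + Wr[j] * x[i])
    return W


def reconstruction_error(W, X):
    """Mean squared reconstruction error of the AE over X."""
    k, total = len(W), 0.0
    for x in X:
        h = encode(W, x)
        xhat = [sum(W[j][i] * h[j] for j in range(k)) for i in range(D)]
        total += sum((x[i] - xhat[i]) ** 2 for i in range(D))
    return total / len(X)


def select_bottleneck(X, sizes=(1, 2, 3)):
    """Train one AE per bottleneck size and keep the lowest-error one
    (the paper's selection rule). Returns (best_size, errors, best_W)."""
    errors, models = {}, {}
    for k in sizes:
        models[k] = train_autoencoder(X, k)
        errors[k] = reconstruction_error(models[k], X)
    best = min(errors, key=errors.get)
    return best, errors, models[best]


def nearest_centroid_fit(codes, y):
    """Stand-in classifier: one centroid per class in code space."""
    cents = {}
    for lab in set(y):
        rows = [c for c, l in zip(codes, y) if l == lab]
        cents[lab] = [sum(col) / len(rows) for col in zip(*rows)]
    return cents


def nearest_centroid_predict(cents, code):
    return min(cents, key=lambda lab: sum((a - b) ** 2 for a, b in zip(cents[lab], code)))


def run_pipeline():
    """SMOTE -> AE sweep -> classify on the chosen bottleneck code."""
    X_train, y_train = make_dataset(200, 20, seed=1)   # 10:1 imbalance
    X_test, y_test = make_dataset(50, 50, seed=2)
    X_bal, y_bal = smote(X_train, y_train)
    k, errors, W = select_bottleneck(X_bal)
    cents = nearest_centroid_fit([encode(W, x) for x in X_bal], y_bal)
    correct = sum(nearest_centroid_predict(cents, encode(W, x)) == lab
                  for x, lab in zip(X_test, y_test))
    return {"bottleneck": k, "errors": errors, "train_rows": len(X_bal),
            "accuracy": correct / len(X_test)}


if __name__ == "__main__":
    print(run_pipeline())
```

Because the constructed records live on a two-factor subspace, the one-neuron bottleneck cannot reconstruct them and its error is far above the two- and three-neuron codes; the selection rule therefore never picks size 1, and the classifier trained on the chosen code separates the two classes on the balanced held-out set.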