Please use this identifier to cite or link to this item: http://repositorio.ufla.br/jspui/handle/1/55164
Title: Multi-phase optimized intrusion detection system based on deep learning algorithms for computer networks
Alternative title(s): Sistema de detecção de intrusão otimizado multifásico baseado em algoritmos de aprendizado profundo para redes de computadores
Authors: Zegarra Rodríguez, Demóstenes
Saadi, Muhammad
Begazo, Dante Coaquira
Rosa, Renata Lopes
Keywords: Machine learning
Deep learning
Intrusion detection systems
Computer networks
Transfer learning
Convolutional neural networks
Issue date: 21-Sep-2022
Publisher: Universidade Federal de Lavras
Citation: OKEY, D. O. Multi-phase optimized intrusion detection system based on deep learning algorithms for computer networks. 2022. 163 p. Dissertação (Mestrado em Engenharia de Sistemas de Automação) – Universidade Federal de Lavras, Lavras, 2022.
Abstract: Computer networks have revolutionized the entire workspace in recent times, so their potential and contributions cannot be underestimated. As a result of the immense advantages of computer networks, many organizations and companies depend on them for everyday activities that range from searching for resources to disseminating information. The large dependency on Internet services has faced the challenge of privacy and security. This is due to the fact that individuals with malicious intent devise some strategies to exploit the networks and nodes to steal information, thereby causing damage. To this end, several techniques and technologies such as firewalls are being used to deter cyber-attacks from occurring. One challenge with this approach is the issue of False Positives, where real information is identified as threats. One way to solve this is the use of an Intrusion Detection System (IDS) that monitors and inspects network activities to detect threats. IDS developed using Machine Learning (ML) and Deep Learning (DL) algorithms have shown prevalence over knowledge-based IDS. In this work, we leverage the capabilities of ML and DL to develop IDS for computer networks. Specifically, two IDS models are developed based on Tabular data and Image data. First, we preprocess the data into a compatible format and handle the imbalance with Synthetic Minority Oversampling Technique (SMOTE). On the tabular data, we use One-Dimensional Convolution Neural Network (1D-CNN) and some ML classifiers, while Transfer Learning (TL) is used on the image data. Image data are generated by transforming the sampled dataset into a 64x64x3 RGB image. These images are fed into the CNN, which has an excellent performance in extracting features from images used in the learning process. This ability of CNN to automatically extract relevant features from network traffic is used to classify the traffic into different categories.
Five different pre-trained models based on CNN: Visual Geometry Group (VGG16 and VGG19), InceptionV3 (IV3), MobileNetV3Small (MNV3S), and EfficientNetV2B0 (ENV2B0) are used to develop the IDS based on images generated from the datasets, and in the end, we develop an optimized Ensemble Lightweight Transfer Learning IDS (ELETL-IDS) capable of detecting and classifying network traffic into its attack type such as DDoS, DoS, Bot, Brute force, Infiltration, PortScan, Heartbleed and Web Attacks. On evaluation, the models show high performance, with 1D-CNN reaching a weighted average accuracy of 99.11% and ELETL-IDS has 100% accuracy in classifying each of the classes. We perform model quantization to reduce the model size to about 77% (about 4x smaller than the original model size) with a drop of 1.1% in accuracy, making the IDS models highly efficient and suitable in different application domains.
URI: http://repositorio.ufla.br/jspui/handle/1/55164
Appears in collections: Engenharia de Sistemas e automação (Dissertações)

Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.