Intrusion Detection System Using Convolutional Neuronal Networks: A Cognitive Computing Approach for Anomaly Detection based on Deep Learning

Abstract

Network security is becoming more and more vital in our world as the internet permeates both the industry and our private life. Today, the means of production are networked and controlled by intelligent manufacturing process and the majority of the people are constantly connected to information systems by using mobile phones. Intrusion detection systems (IDS) are software components which detect attacks and malicious attempts to gain access to networks. How to design such systems efficiently is a question of both practical and research interest. We propose and approach based on cognitive computing using deep learning for this purpose. Our method has two main advantages: It is highly efficient and accurate, yet it is simple, builds on existing standard software, and can easily be implemented and enriched with domain knowledge by an expert from computer security with little background in machine learning. Furthermore, with the parallelism and big data support of the platform, our method will also scale well with the size of the dataset available for training. In deep learning, Convolutional neural network (CNNs) have successfully been applied to a variety of classification tasks in various fields. They are also available in easily accessible and scalable standard frameworks such as TensorFlow. In this paper, we present an approach to constructing an IDS based on CNN. Network traffic is presented based on features of TCP/IP connections and the approach is trained based on known attack signatures. We evaluate this approach using the widely available NSLKDD dataset. We are able to achieve the accuracy, precision, recall and $F_{1}$-score of 98.92%, 99.82%, 92.34%, and 96.34%, respectively. Based on its simplicity and these surprisingly good performance results, we can conclude that our approach is highly suitable for constructing IDS.