Toward an Online Anomaly Intrusion Detection System Based on Deep Learning

In the past twenty years, progress in intrusion detection has been steady but slow. The biggest challenge is to detect new attacks in real time. In this work, a deep learning approach for anomaly detection using a Restricted Boltzmann Machine (RBM) and a deep belief network are implemented. Our method uses a one-hidden layer RBM to perform unsupervised feature reduction. The resultant weights from this RBM are passed to another RBM producing a deep belief network. The pre-trained weights are passed into a fine tuning layer consisting of a Logistic Regression (LR) classifier with multi-class soft-max. We have implemented the deep learning architecture in C++ in Microsoft Visual Studio 2013 and we use the DARPA KDDCUP'99 dataset to evaluate its performance. Our architecture outperforms previous deep learning methods implemented by Li and Salama in both detection speed and accuracy. We achieve a detection rate of 97.9% on the total 10% KDDCUP'99 test dataset. By improving the training process of the simulation, we are also able to produce a low false negative rate of 2.47%. Although the deficiencies in the KDDCUP'99 dataset are well understood, it still presents machine learning approaches for predicting attacks with a reasonable challenge. Our future work will include applying our machine learning strategy to larger and more challenging datasets, which include larger classes of attacks.