Abstract
With the rapid explosion of Internet traffic volume and the continuous evolution of cyber-attack technology, existing network intrusion detection mechanisms are confronted with growing threats of more sophisticated attack traffic. Continuous recognition and modeling of new attack patterns on-the-fly are desired with human-aided automated learning. Numerous learning-based intrusion detection methods have been put forward in recent years, but the traditional data-training-testing-iterating based machine learning procedure really lacks involvement of human intelligence and instant feedbacks when being applied in the ambiguous and volatile network intrusion traffic. This paper proposes a novel approach for learning-based intrusion detection based on interactive reinforcement learning with human experience and interaction in the loop. We first transform the process of intrusion detection into a general Markov Decision Process. Then the interactive human input as manually labeling the observed network traffic occasionally is introduced into the modeling interactions to accelerate the model convergence. We customize a hybrid structure of the Q-network for such interactive network intrusion detection with Long Short-Term Memory incorporated into deep reinforcement learning. Experimental results on the NSL-KDD dataset show that the proposed modeling and detection solution achieves significantly higher precision and recall rates compared with previous learning-based detection mechanisms, with continuous model optimization by human intelligent interactions.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Roesch, M.: Snort: lightweight intrusion detection for networks. In: Large Installation System Administration Conference (LISA), vol. 99, no. 1, pp. 229–238 (1999)
Kalnoor, G., Agarkhed, J.: Pattern matching intrusion detection technique for Wireless sensor networks. In: 2016 2nd International Conference on Advances in Electrical, Electronics, Information, Communication and Bio-Informatics (AEEICB), pp. 724–728. IEEE (2016)
Lee, C.L., Yang, T.H.: A flexible pattern-matching algorithm for network intrusion detection systems using multi-core processors. Algorithms 10(2), 58 (2017)
Le Dang, N., Le, D.N., Le, V.T.: A new multiple-pattern matching algorithm for the network intrusion detection system. Int. J. Eng. Technol. Sci. 8(2), 94–100 (2012)
Pajouh, H.H., Dastghaibyfard, G.H., Hashemi, S.: Two-tier network anomaly detection model: a machine learning approach. J. Intell. Inf. Syst. 48(1), 61–74 (2017)
Flanagan, K., Fallon, E., Connolly, P., et al.: Network anomaly detection in time series using distance based outlier detection with cluster density analysis. In: 2017 Internet Technologies and Applications (ITA), pp. 116–121. IEEE (2017)
Garg, S., Singh, A., Batra, S., et al.: EnClass: ensemble-based classification model for network anomaly detection in massive datasets. In: 2017 IEEE Global Communications Conference (GLOBECOM), pp. 1–7. IEEE (2017)
Ara, L., Luo, X.: A data-driven network intrusion detection model based on host clustering and integrated learning: a case study on botnet detection. In: Wang, G., Feng, J., Bhuiyan, M.Z.A., Lu, R. (eds.) SpaCCS 2019. LNCS, vol. 11611, pp. 102–116. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-24907-6_9
Callegari, C., Pagano, M.: A novel bivariate entropy-based network anomaly detection system. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, K.-K.R. (eds.) SpaCCS 2017. LNCS, vol. 10658, pp. 168–179. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-72395-2_17
Javaid, A., Niyaz, Q., Sun, W., et al.: A deep learning approach for network intrusion detection system. In: Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies (formerly BIONETICS), pp. 21–26 (2016)
Yin, C., Zhu, Y., Fei, J., et al.: A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5, 21954–21961 (2017)
Shone, N., Ngoc, T.N., Phai, V.D., et al.: A deep learning approach to network intrusion detection[J]. IEEE Trans. Emerg. Top. Comput. Intell. 2(1), 41–50 (2018)
Manavi, M., Zhang, Y.: A new intrusion detection system based on gated recurrent unit (GRU) and genetic algorithm. In: Wang, G., Feng, J., Bhuiyan, M.Z.A., Lu, R. (eds.) SpaCCS 2019. LNCS, vol. 11611, pp. 368–383. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-24907-6_28
Lopez-Martin, M., Carro, B., Sanchez-Esguevillas, A.: Application of deep reinforcement learning to intrusion detection for supervised problems. Expert Syst. Appl. 141, 112963 (2019)
Sutton, R.S., Barto, A.G., Williams, R.J.: Reinforcement learning is direct adaptive optimal control. IEEE Control Syst. Mag. 12(2), 19–22 (1992)
Van Hasselt, H., Guez, A., Silver, D.: Deep Reinforcement learning with double Q-learning. In: 30th Association-for-the-Advancement-of-Artificial-Intelligence (AAAI) Conference on Artificial Intelligence, pp. 2094–2100 (2016)
Schaul, T., Quan, J., Antonoglou, I., et al.: Prioritized experience replay. In: Proceedings of the 4th International Conference on Learning Representations (ICLR), pp. 322–355 (2016)
Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)
Tavallaee, M., Bagheri, E., Lu, W., et al.: A detailed analysis of the KDD CUP 99 data set. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA), pp. 1–6. IEEE (2009)
Zhang, C., Ruan, F., Yin, L., et al.: A deep learning approach for network intrusion detection based on NSL-KDD dataset. In: 2019 IEEE 13th International Conference on Anti-counterfeiting, Security, and Identification (ASID), pp. 41–45. IEEE (2019)
Gurung, S., Ghose, M.K., Subedi, A.: Deep learning approach on network intrusion detection system using NSL-KDD dataset. Int. J. Comput. Netw. Inf. Secur. (IJCNIS) 11(3), 8–14 (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Liu, Z. (2021). Reinforcement-Learning Based Network Intrusion Detection with Human Interaction in the Loop. In: Wang, G., Chen, B., Li, W., Di Pietro, R., Yan, X., Han, H. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2020. Lecture Notes in Computer Science(), vol 12382. Springer, Cham. https://doi.org/10.1007/978-3-030-68851-6_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-68851-6_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-68850-9
Online ISBN: 978-3-030-68851-6
eBook Packages: Computer ScienceComputer Science (R0)