Reinforcement-Learning Based Network Intrusion Detection with Human Interaction in the Loop

  • Conference paper
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2020)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 12382)

Abstract

With the rapid growth of Internet traffic volume and the continuous evolution of cyber-attack techniques, existing network intrusion detection mechanisms face a growing threat from more sophisticated attack traffic. Continuous, on-the-fly recognition and modeling of new attack patterns through human-aided automated learning is therefore desirable. Numerous learning-based intrusion detection methods have been put forward in recent years, but the traditional machine learning procedure of collecting data, training, testing, and iterating lacks the involvement of human intelligence and instant feedback when applied to ambiguous and volatile network intrusion traffic. This paper proposes a novel approach to learning-based intrusion detection based on interactive reinforcement learning with human experience and interaction in the loop. We first transform the process of intrusion detection into a general Markov Decision Process. Interactive human input, in the form of occasional manual labeling of the observed network traffic, is then introduced into the modeling interactions to accelerate model convergence. We customize a hybrid Q-network structure for such interactive network intrusion detection, incorporating Long Short-Term Memory into deep reinforcement learning. Experimental results on the NSL-KDD dataset show that the proposed modeling and detection solution achieves significantly higher precision and recall rates than previous learning-based detection mechanisms, with continuous model optimization through intelligent human interaction.
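The formulation in the abstract, detection cast as a Markov Decision Process with reward arriving only when an analyst labels a record, can be sketched as follows. This is an added illustration, not the paper's code: it uses a linear Q-function in place of the paper's LSTM Q-network, and the constructed traffic, the +1/-1 reward, and all hyperparameters are assumptions.

```python
import random
# Added illustration; features, rewards and hyperparameters are assumptions, not the paper's.
ACTIONS = ("normal", "attack")  # the agent's action is the verdict it emits

def make_stream(n, rng):
    """Constructed traffic: (bias, connection_rate, error_rate) plus the true class."""
    stream = []
    for _ in range(n):
        y = rng.randrange(2)
        centre = (0.8, 0.7) if y else (0.2, 0.1)
        stream.append(((1.0, rng.gauss(centre[0], 0.05), rng.gauss(centre[1], 0.05)), y))
    return stream

def q_values(w, s):
    return [sum(wi * si for wi, si in zip(w[a], s)) for a in range(len(ACTIONS))]

def greedy(w, s):
    q = q_values(w, s)
    return q.index(max(q))

def train(stream, label_rate, rng, lr=0.2, gamma=0.1, eps=0.2):
    """One pass of Q-learning; a reward exists only when the analyst labels the record."""
    w = [[0.0] * 3 for _ in ACTIONS]
    labelled = 0
    for t, (s, y) in enumerate(stream):
        a = rng.randrange(2) if rng.random() < eps else greedy(w, s)
        if rng.random() >= label_rate:
            continue                      # no human feedback for this record
        labelled += 1
        r = 1.0 if a == y else -1.0       # analyst confirms or rejects the verdict
        nxt = max(q_values(w, stream[t + 1][0])) if t + 1 < len(stream) else 0.0
        td = r + gamma * nxt - q_values(w, s)[a]   # temporal-difference error
        w[a] = [wi + lr * td * si for wi, si in zip(w[a], s)]
    return w, labelled

def evaluate(w, stream):
    """Precision and recall for the 'attack' verdict under the greedy policy."""
    tp = sum(1 for s, y in stream if y == 1 and greedy(w, s) == 1)
    fp = sum(1 for s, y in stream if y == 0 and greedy(w, s) == 1)
    fn = sum(1 for s, y in stream if y == 1 and greedy(w, s) == 0)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall

def demo(label_rate, seed=7):
    rng = random.Random(seed)
    w, labelled = train(make_stream(10000, rng), label_rate, rng)
    return evaluate(w, make_stream(500, rng)) + (labelled,)
```

Calling `demo(0.1)` trains with roughly one record in ten labelled by the analyst; `demo(0.0)` shows the agent with no feedback, which never learns to flag an attack.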

Correspondence to Ze Liu.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Liu, Z. (2021). Reinforcement-Learning Based Network Intrusion Detection with Human Interaction in the Loop. In: Wang, G., Chen, B., Li, W., Di Pietro, R., Yan, X., Han, H. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2020. Lecture Notes in Computer Science, vol 12382. Springer, Cham. https://doi.org/10.1007/978-3-030-68851-6_9

  • DOI: https://doi.org/10.1007/978-3-030-68851-6_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-68850-9

  • Online ISBN: 978-3-030-68851-6

  • eBook Packages: Computer Science (R0)
