Abstract
The growing need to use online services has made it necessary to ensure protection against all kinds of cyber-threats. This research effort aims to tackle network security problems as follows: it introduces the hybrid intrusion detection system COREM2, which successfully detects nine cyber-attacks. Its architecture comprises a two-dimensional convolutional neural network (2-D CNN), a recurrent neural network with long short-term memory layers and a multilayer perceptron. COREM2 was successfully tested against the timely Kitsune Network Attack Dataset, achieving an overall accuracy of 98.64% and 98.92% in the training and testing phases, respectively. Since this is a multiclass classification effort, the “one-versus-all strategy” was employed to validate the introduced model, which has proved its ability to generalize. COREM2 outperforms other state-of-the-art approaches, achieving an overall accuracy above 98%, which is rare in the field of cyber-security intrusion detection. We strongly suggest that it can be safely used as a prototype for further research on network security enhancement. Furthermore, this research introduces a holistic approach for cyber intrusion detection, using COREM2 to classify network traffic as benign or malicious. It captures network flow packets in the form of PCAP (packet capture) files, stores them in .csv files, and evaluates them in order to classify them into the ten classes provided by the Kitsune Dataset. If the malicious traffic exceeds a certain limit, the model notifies the user to take all necessary actions. The proposed method has an average processing capacity of 10,000 packets per 8 s. It can potentially be used on any device that has Internet access.
Ethics declarations
Conflict of interest
The authors declare no conflict of interest. There are no financial or personal relationships with other people or organizations that can inappropriately influence their work. There is no professional or other personal interest of any nature or kind in any product, service or company that could be construed as influencing the position presented in, or the review of, the manuscript.
About this article
Cite this article
Psathas, A.P., Iliadis, L., Papaleonidas, A. et al. COREM2 project: a beginning to end approach for cyber intrusion detection. Neural Comput & Applic 34, 19565–19584 (2022). https://doi.org/10.1007/s00521-022-07084-w
DOI: https://doi.org/10.1007/s00521-022-07084-w