COREM2 project: a beginning to end approach for cyber intrusion detection

  • S.I.: Deep learning modelling in real life: (Anomaly Detection, Biomedical, Concept Analysis, Finance, Image analysis, Recommendation
  • Neural Computing and Applications

Abstract

The growing need to use online services has made it necessary to ensure protection against all kinds of cyber-threats. This research effort tackles network security problems as follows: it introduces the hybrid intrusion detection system COREM2, which successfully detects nine cyber-attacks. Its architecture comprises a two-dimensional convolutional neural network (2-D CNN), a recurrent neural network with long short-term memory layers and a multilayer perceptron. COREM2 was successfully tested against the timely Kitsune Network Attack Dataset, achieving an overall accuracy of 98.64% and 98.92% in the training and testing phases, respectively. Since this is a multiclass classification effort, the “one-versus-all strategy” was employed to validate the introduced model, which has proved its ability to generalize. COREM2 outperforms other state-of-the-art approaches, achieving an overall accuracy above 98%, which is rare in the field of cyber-security intrusion detection. We strongly suggest that it can be safely used as a prototype for further research on network security enhancement. Furthermore, this research introduces a holistic approach for cyber intrusion detection that uses COREM2 to classify network traffic as benign or malicious. It captures network flow packets in the form of PCAP (packet capture) files, stores them in .csv files and evaluates them in order to classify them into the ten classes provided by the Kitsune Dataset. If the malicious traffic exceeds a certain limit, the model notifies the user to take all necessary actions. The proposed method has an average processing throughput of 10,000 packets per 8 s. It can potentially be used in any device that has Internet access.
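As an added illustration (not the authors' code), the two decision points the abstract describes, the one-versus-all validation of a ten-class classifier and the malicious-traffic limit that triggers a notification, written in Python over a constructed confusion matrix and a constructed batch of per-packet predictions. The nine attack class names are assumed from the public Kitsune dataset (the abstract gives only the count) and the alert threshold is a placeholder, since the paper does not state its value.

```python
from collections import Counter

# Ten Kitsune classes: benign plus nine attacks. Attack names are assumed from the
# public Kitsune dataset; the abstract itself only gives the count.
BENIGN = "benign"
ATTACK_CLASSES = ("arp_mitm", "ssdp_flood", "syn_dos", "fuzzing", "mirai",
                  "os_scan", "ssl_renegotiation", "video_injection", "active_wiretap")
KITSUNE_CLASSES = (BENIGN,) + ATTACK_CLASSES

def overall_accuracy(confusion):
    """Plain multiclass accuracy: diagonal of the confusion matrix over all packets."""
    total = sum(sum(row) for row in confusion)
    return sum(confusion[i][i] for i in range(len(confusion))) / total

def one_vs_all(confusion, labels):
    """Collapse a multiclass confusion matrix into one binary problem per class.

    confusion[i][j] counts packets of true class labels[i] predicted as labels[j].
    For class k every other class is folded into a single 'rest' class, giving a
    per-class accuracy/precision/recall for the multiclass IDS.
    """
    n = len(labels)
    total = sum(sum(row) for row in confusion)
    report = {}
    for k, name in enumerate(labels):
        tp = confusion[k][k]
        fp = sum(confusion[i][k] for i in range(n) if i != k)  # rest predicted as k
        fn = sum(confusion[k][j] for j in range(n) if j != k)  # k predicted as rest
        tn = total - tp - fp - fn
        report[name] = {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
                        "accuracy": (tp + tn) / total,
                        "precision": tp / (tp + fp) if tp + fp else 0.0,
                        "recall": tp / (tp + fn) if tp + fn else 0.0}
    return report

def check_batch(predictions, limit):
    """Alert rule for one classified batch (e.g. the packets of one .csv file).

    predictions: per-packet class labels from the classifier. limit: maximum
    tolerated fraction of malicious packets (placeholder; the paper does not
    state the value it uses). Returns counts, malicious fraction and alert flag.
    """
    counts = Counter(predictions)
    malicious = sum(c for label, c in counts.items() if label != BENIGN)
    fraction = malicious / len(predictions) if predictions else 0.0
    return {"counts": dict(counts), "malicious_fraction": fraction,
            "alert": fraction > limit}

if __name__ == "__main__":
    labels = (BENIGN, "syn_dos", "mirai")
    matrix = [[90, 5, 5], [2, 8, 0], [0, 0, 10]]  # constructed 3-class confusion matrix
    print(overall_accuracy(matrix), one_vs_all(matrix, labels)["syn_dos"])
    batch = [BENIGN] * 90 + ["syn_dos"] * 8 + ["mirai"] * 2  # constructed batch
    print(check_batch(batch, limit=0.05))
```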



Author information

Correspondence to Anastasios Panagiotis Psathas.

Ethics declarations

Conflict of interest

The authors declare no conflict of interest. There are no financial or personal relationships with other people or organizations that could inappropriately influence their work. There is no professional or other personal interest of any nature or kind in any product, service or company that could be construed as influencing the position presented in, or the review of, the manuscript.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Appendix

See Fig. 8.

Fig. 8: A holistic approach for cyber intrusion detection, using the hybrid NN COREM2

Cite this article

Psathas, A.P., Iliadis, L., Papaleonidas, A. et al. COREM2 project: a beginning to end approach for cyber intrusion detection. Neural Comput & Applic 34, 19565–19584 (2022). https://doi.org/10.1007/s00521-022-07084-w
