Skip to main content
SpringerLink
Log in

An intrusion detection approach based on improved deep belief network

  • Published:
Applied Intelligence Aims and scope Submit manuscript

Abstract

In today’s interconnected society, cyberattacks have become more frequent and sophisticated, and existing intrusion detection systems may not be adequate in the complex cyberthreat landscape. For instance, existing intrusion detection systems may have overfitting, low classification accuracy, and high false positive rate (FPR) when faced with significantly large volume and variety of network data. An intrusion detection approach based on improved deep belief network (DBN) is proposed in this paper to mitigate the above problems, where the dataset is processed by probabilistic mass function (PMF) encoding and Min-Max normalization method to simplify the data preprocessing. Furthermore, a combined sparsity penalty term based on Kullback-Leibler (KL) divergence and non-mean Gaussian distribution is introduced in the likelihood function of the unsupervised training phase of DBN, and sparse constraints retrieve the sparse distribution of the dataset, thus avoiding the problem of feature homogeneity and overfitting. Finally, simulation experiments are performed on the NSL-KDD and UNSW-NB15 public datasets. The proposed method achieves 96.17% and 86.49% accuracy, respectively. Experimental results show that compared with the state-of-the-art methods, the proposed method achieves significant improvement in classification accuracy and FPR.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14

Similar content being viewed by others

References

  1. Cyber-Attack Against Ukrainian Critical Infrastructure. [Online]. Available: https://www.us-cert.gov/ics/alerts/IR-ALERT-H-16-056-01 (Accessed Aug 6, 2019)

  2. No municipality paid ransoms in 'coordinated ransomware attack' that hit Texas. [Online]. Available: https://www.zdnet.com/article/no-municipality-paid-ransoms-in-coordinated-ransomware-attack-that-hit-texas/ (Accessed Aug 6, 2019)

  3. Dai Y, Wang G, Li KC (2018) Conceptual alignment deep neural networks[J]. Journal of Intelligent & Fuzzy Systems 34(3):1631–1642

    Google Scholar 

  4. Song H, Jiang Z, Men A, et al. A hybrid semi-supervised anomaly detection model for high-dimensional data[J]. Computational intelligence and neuroscience, 2017, 2017

  5. Zhao Z, Jiao L, Zhao J et al (2017) Discriminant deep belief network for high-resolution SAR image classification[J]. Pattern Recogn 61:686–701

    Google Scholar 

  6. Basu S, Karki M, Ganguly S et al (2017) Learning sparse feature representations using probabilistic quadtrees and deep belief nets[J]. Neural Process Lett 45(3):855–867

    Google Scholar 

  7. Ding Y, Chen S, Xu J. Application of deep belief networks for opcode based malware detection[C]//2016 international joint conference on neural networks (IJCNN). IEEE, 2016: 3901–3908

  8. Zhao G, Zhang C, Zheng L. Intrusion detection using deep belief network and probabilistic neural network[C]//2017 IEEE international conference on computational science and engineering (CSE) and IEEE international conference on embedded and ubiquitous computing (EUC). IEEE, 2017, 1: 639–642

  9. Kaiser J, Zimmerer D, Tieck J C V, et al. Spiking convolutional deep belief networks[C]//international conference on artificial neural networks. Springer, Cham, 2017: 3–11

  10. Koo J, Klabjan D. Improved Classification Based on Deep Belief Networks[J]. arXiv preprint arXiv:1804.09812, 2018

  11. Robert W. Harrison. Continuous restricted Boltzmann machines[J]. Wireless Networks, https://doi.org/10.1007/s11276-018-01903-6. (online: 2018. 12)

  12. Liang W, Li K C, Long J, et al. An industrial network intrusion detection algorithm based on multi-feature data clustering optimization model[J], IEEE transactions on industrial informatics, IEEE. DOI: https://doi.org/10.1109/TII.2019.2946791

  13. Cui Z, Ge SS, Cao Z et al (2015) Analysis of different sparsity methods in constrained RBM for sparse representation in cognitive robotic perception[J]. Journal of Intelligent & Robotic Systems 80(1):121–132

    Google Scholar 

  14. Ji NN, Zhang JS, Zhang CX (2014) A sparse-response deep belief network based on rate distortion theory[J]. Pattern Recogn 47(9):3179–3191

    Google Scholar 

  15. Hu Z, Hu W, Zhang C (2014) Training deep belief network with sparse hidden units[C]//Chinese conference on pattern recognition. Springer, Berlin, Heidelberg, pp 11–20

    Google Scholar 

  16. Chen D, Lv J, Yi Z (2018) Graph regularized restricted Boltzmann machine [J]. IEEE Transactions on Neural Networks & Learning Systems 29(6):2651–2659

    MathSciNet  Google Scholar 

  17. Alom M Z, Bontupalli V R, Taha T M. Intrusion detection using deep belief networks[C]//2015 National Aerospace and electronics conference (NAECON). IEEE, 2015: 339–344

  18. Adil S H, Ali S S A, Raza K, et al. An improved intrusion detection approach using synthetic minority over-sampling technique and deep belief networks[C]//SoMeT, 2014: 94–102

  19. Yu L (2018) Research on intrusion detection based on deep confidence network[J]. Computer Science and Application 08(05):687–701

    Google Scholar 

  20. Selvakumar B, Muneeswaran K (2019) Firefly algorithm based feature selection for network intrusion detection[J]. Computers & Security 81:148–155

    Google Scholar 

  21. Chen CLP, Zhang CY, Chen L et al (2015) Fuzzy restricted Boltzmann machine for the enhancement of deep learning[J]. IEEE Trans Fuzzy Syst 23(6):2163–2173

    Google Scholar 

  22. Merino ER, Castrillejo FM, Pin JD (2017) Neighborhood-based stopping criterion for contrastive divergence[J]. IEEE transactions on neural networks and learning systems 29(7):2695–2704

    MathSciNet  Google Scholar 

  23. Fatemi M, Granström K, Svensson L et al (2017) Poisson multi-Bernoulli mapping using Gibbs sampling[J]. IEEE Trans Signal Process 65(11):2814–2827

    MathSciNet  MATH  Google Scholar 

  24. Wang L, Ye P, Xiang J. A modified algorithm based on smoothed L0 norm in compressive sensing signal reconstruction[C]//2018 25th IEEE international conference on image processing (ICIP). IEEE, 2018: 1812–1816

  25. Keyvanrad M A, Homayounpour M M. Normal sparse deep belief network[C]//2015 international joint conference on neural networks (IJCNN). IEEE, 2015: 1–7

  26. Alom M Z, Bontupalli V R, Taha T M. Intrusion detection using deep belief networks[C]//2015 National Aerospace and electronics conference (NAECON). IEEE, 2015: 339–344

  27. Niyaz Q, Sun W, Javaid A Y. A deep learning based DDoS detection system in software-defined networking (SDN) [J]. arXiv preprint arXiv:1611.07400, 2016

  28. Chen P, Han D, Tan F, et al. Reinforcement-based robust variable pitch control of wind turbines[J]. IEEE access, IEEE. DOI: https://doi.org/10.1109/ACCESS.2020.2968853

  29. Rathore S, Saxena A, Manoria M. Intrusion detection system on KDDCup99 dataset: a survey[J]. Int J Comput Sci Inf Tech, 2015

  30. Parsaei MR, Rostami SM, Javidan R (2016) A hybrid data mining approach for intrusion detection on imbalanced NSL-KDD dataset[J]. Int J Adv Comput Sci Appl 7(6):20–25

    Google Scholar 

  31. Khan FA, Gumaei A, Derhab A et al (2019) A novel two-stage deep learning model for efficient network intrusion detection[J]. IEEE Access 7:30373–30385

    Google Scholar 

  32. Moustafa N, Slay J. UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)[C]//2015 military communications and information systems conference (MilCIS). IEEE, 2015: 1–6

  33. Moustafa N, Slay J (2016) The evaluation of network anomaly detection systems: statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set[J]. Information Security Journal: A Global Perspective 25(1–3):18–31

    Google Scholar 

  34. Liang W, Fan Y, Li K C, et al. Secure data storage and recovery in industrial Blockchain network environments[J]. IEEE transactions on industrial informatics, IEEE. DOI:https://doi.org/10.1109/TII.2020.2966069

  35. Dewa Z, Maglaras LA (2016) Data mining and intrusion detection systems[J]. Int J Adv Comput Sci Appl 7(1):62–71

    Google Scholar 

  36. Liang W, Tang M, Long J et al (2019) A secure fabric blockchain-based data transmission technique for industrial internet-of-things[J]. IEEE Transactions on Industrial Informatics 15(6):3582–3592

    Google Scholar 

  37. Li L, Xie L, Li W et al (2018) Improved deep belief networks (IDBN) dynamic model-based detection and mitigation for targeted attacks on heavy-duty robots[J]. Appl Sci 8(5):2076–3417

    Google Scholar 

  38. Liu H, Han D, Li D (2020) Fabric-iot: a Blockchain-based access control system in IoT[J]. IEEE Access 8:18207–18218

    Google Scholar 

  39. Gajera V, Gupta R, Jana P K. An effective multi-objective task scheduling algorithm using min-max normalization in cloud computing[C]//2016 2nd international conference on applied and theoretical computing and communication technology (iCATccT). IEEE, 2016: 812–816

  40. Khemiri H, Petrovska-Delacretaz D. Cohort selection for text-dependent speaker verification score normalization[C]//2016 2nd international conference on advanced Technologies for Signal and Image Processing (ATSIP). IEEE, 2016: 689–692

  41. Li J, Zhao Z, Li R et al (2018) AI-based two-stage intrusion detection for software defined IoT networks[J]. IEEE Internet Things J 6(2):2093–2102

    Google Scholar 

  42. Diro AA, Chilamkurti N (2018) Distributed attack detection scheme using deep learning approach for internet of things[J]. Futur Gener Comput Syst 82:761–768

    Google Scholar 

  43. Yang Y, Zheng K, Wu C et al (2019) Building an effective intrusion detection system using the modified density peak clustering algorithm and deep belief networks[J]. Appl Sci 9(2):238

    Google Scholar 

  44. Djenouri Y, Belhadi A, Lin JCW et al (2019) Adapted k-nearest neighbors for detecting anomalies on spatio–temporal traffic flow[J]. IEEE Access 7:10015–10027

    Google Scholar 

  45. Zhang Y, Li P, Wang X (2019) Intrusion detection for IoT based on improved genetic algorithm and deep belief network[J]. IEEE Access 7:31711–31722

    Google Scholar 

Download references

Acknowledgments

This work is supported by the National Natural Science Foundation of China (No. 61672338 and No. 61873160).

Author information

Authors and Affiliations

  1. College of Information Engineering, Shanghai Maritime University, Shanghai, China

    Qiuting Tian, Dezhi Han, Xingao Liu & Letian Duan

  2. Department of Computer Science and Information Engineering (CSIE), Providence University, Taichung City, Taiwan

    Kuan-Ching Li

  3. Department of Computer Science, University of Salerno, Fisciano, SA, Italy

    Arcangelo Castiglione

Authors
  1. Qiuting Tian
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dezhi Han
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kuan-Ching Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xingao Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Letian Duan
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Arcangelo Castiglione
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kuan-Ching Li.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Tian, Q., Han, D., Li, KC. et al. An intrusion detection approach based on improved deep belief network. Appl Intell 50, 3162–3178 (2020). https://doi.org/10.1007/s10489-020-01694-4

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10489-020-01694-4

Keywords

Search

Navigation