
Using Deep Reinforcement Learning for Selecting Network Traffic Features in Intrusion Detection Systems

Programming and Computer Software

Abstract

A network traffic feature selection technique based on deep reinforcement learning is proposed. This technique is a sequential procedure at each step of which a decision is made on whether or not the available features are sufficient for network traffic classification. The proposed technique makes it possible to vary the number of features from one classified instance to another. Experiments demonstrated that the proposed technique increases the generalization ability of classification models and reduces overfitting in network intrusion detection systems (IDSs) even if only unbalanced training datasets are available.

Author information

Correspondence to V. V. Belikov.

Ethics declarations

The author declares that he has no conflicts of interest.

Additional information

Translated by A. Klimontovich

Cite this article

Belikov, V.V. Using Deep Reinforcement Learning for Selecting Network Traffic Features in Intrusion Detection Systems. Program Comput Soft 48, 359–368 (2022). https://doi.org/10.1134/S0361768822060020

  • DOI: https://doi.org/10.1134/S0361768822060020