Temporal Based Network Intrusion Detection With Recurrent Neural Network And Random Forest
An intrusion is any set of actions intended to compromise the confidentiality, integrity, or availability of a resource. Network intrusions are prevalent, increasingly sophisticated, and are adept at hiding from detection. To counteract this ever-evolving threat, Network-based Intrusion Detection Sy...
Saved in:
Main Author: | |
---|---|
Format: | Thesis |
Published: |
2019
|
Subjects: | |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | An intrusion is any set of actions intended to compromise the confidentiality, integrity, or availability of a resource. Network intrusions are prevalent, increasingly sophisticated, and are adept at hiding from detection. To counteract this ever-evolving threat, Network-based Intrusion Detection System (NIDS) has since become a significant topic of research. Most network attacks are not caused by a single event, but a sequence of events. In order to mine the data from a sequence of events, conventional data mining approach is often inapplicable. In the case of conventional data mining, the relationship between the conditional attributes and the decision attribute is observed and investigated within the same record. In contrast, temporal classification considers the value of a class attribute based on the values of other attributes by taking advantage of the inherent sequences in the records. Thus, in this study, we present an approach in detecting network intrusions through the use of machine learning techniques. In addition to the human-engineered features that are extracted and aggregated to the latest time steps, our approach also factors in the previous events to classify an observation. Through a trained sequence model such as Long Short-Term Memory (LSTM) or Temporal Convolutional Network (TCN), high-level features can be retrieved from the outputs as the representation of past observations; and thereby allowing the Random Forest classifier to improve its predictive quality by incorporating both the original inputs and the learned representation into its training procedure. |
---|