Abstract. Networks are always under the threat of malicious intrusions. Deep learning models are used to help identify and mitigate intrusions before damage can occur. Various types of deep learning models have been researched, built, and tested with the goal of improving intrusion detection and efficiency. In this paper, a two-phase deep learning approach called a Hybrid Intrusion Detection System (HIDS) is proposed that uses a Bi-Directional Long Short-Term Memory Neural Network (BLSTM) to assess both flow-based network data and packet-based data. This approach is unique because BLSTM is employed rather than a traditional Deep Neural Network (DNN) and two models are used to assess both flow-based and packet-based data, whereas typically only one type of data is assessed. The two models were tested using the UNSW-NB15 dataset and performance was evaluated using accuracy, precision, recall, and F1-measure. Accuracy of the models was compared to results generated using DNN models. The BLSTM flow-based model achieved an accuracy of 96% compared to 93% using DNN. However, the BLSTM packet-based model achieved 76% accuracy, which is slightly lower than 81% using DNN. The results suggest that BLSTM is more effective in predicting flow-based data, but DNN is more effective in predicting packet-based data. Future work will be to improve the BLSTM packet-based model so that it is better than or comparable to DNN. Once this is achieved, analyzing both flow-based and packet-based data in a hybrid fashion using BLSTM could provide an extra layer of reliable protection if built in a cascaded scenario.
Andreas, Brook; Dilruksha, Jayaweera; and McCandless, Eric
"Flow-Based and Packet-Based Intrusion Detection Using BLSTM,"
SMU Data Science Review: Vol. 3: No. 3, Article 8.
Available at: https://scholar.smu.edu/datasciencereview/vol3/iss3/8