Week 7 Article Critique


Research Article A Novel Intelligent-Based Intrusion Detection System Approach Using Deep Multilayer Classification

A. Ugendhar,1 Babu Illuri,2 Sridhar Reddy Vulapula,3 Marepalli Radha,4 Sukanya K,5

Fayadh Alenezi,6 Sara A. Althubiti,7 and Kemal Polat 8

1Department of Computer Science and Engineering, Guru Nanak Institutions Technical Campus, Ibrahimpatnam, Hyderabad, Telangana-501506, India 2Department Electronics and Communication Engineering, Vardhaman College of Engineering, Hyderabad, India 3Department of Information Technology, Vignana Bharathi Institute of Technology, Hyderabad, India 4Department of Computer Science and Engineering, CVR College of Engineering, Mangalpalli (V), Ibrahimpatnam (M), R R District, Hyderabad, Telangana 501510, India 5Department of E.C.E, TKR College of Engineering and Technology, Meerpet, Ranga Reddy, Hyderabad, Telangana-500097, India 6Department of Electrical Engineering, Jouf University, Sakaka 72388, Saudi Arabia 7Department of Computer Science, College of Computer and Information Sciences, Majmaah University, Al-Majmaah 11952, Saudi Arabia 8Department of Electrical and Electronics Engineering, Bolu Abant Izzet Baysal University, Bolu, Turkey

Correspondence should be addressed to Kemal Polat; [email protected]

Received 15 March 2022; Accepted 13 April 2022; Published 6 May 2022

Academic Editor: Musavarah Sarwar

Copyright © 2022 A. Ugendhar et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Cybersecurity in information technology (IT) infrastructures is one of the most significant and complex issues of the digital era. Increases in network size and associated data have directly affected technological breakthroughs in the Internet and communication areas. Malware attacks are becoming increasingly sophisticated and hazardous as technology advances, making it difficult to detect an incursion. Detecting and mitigating these threats is a significant issue for standard analytic methods. Furthermore, the attackers use complex processes to remain undetected for an extended period. The changing nature and many cyberattacks require a quick, adaptable, and scalable defense system. For the most part, traditional machine learning-based intrusion detection relies on only one algorithm to identify intrusions, which has a low detection rate and cannot handle large amounts of data. To enhance the performance of intrusion detection systems, a new deep multilayer classification approach is developed. This approach comprises five modules: preprocessing, autoencoding, database, classification, and feedback. The classification module uses an autoencoder to decrease the number of dimensions in a reconstruction feature. Our method was tested against a benchmark dataset, NSL-KDD. Compared to other state-of-the-art intrusion detection systems, our methodology has a 96.7% accuracy.

1. Introduction

Internet-enabled services have grown exponentially in recent years. According to current estimates, more than 60 billion Internet-connected gadgets will be available by 2023 [1]. Despite this, computer networks are continually at risk of attack from threat hackers via the Internet. The concept of intrusion detection system (IDS) was first proposed by [2]. Since then, a number of IDS products have been developed and refined to meet the needs of network security. However, because of the rapid advancement of technology over the previous decade, the size of networks and the number of applications handled by network nodes have been increased significantly. As a result, a massive amount of critical data is being generated and shared across various network nodes. These data and network nodes’ security have grown increasingly difficult due to many threats generated either through the mutation of an existing assault or through the development of a special attack. Security concerns can affect almost every node in a network [3]. For example, the data node may be highly crucial for a company. The company’s reputation and financial losses could be severely impacted if the node’s information is compromised. Ineffectiveness in detecting various attacks, including zero-day attacks, and minimizing false alarm rates (FAR) has been demonstrated by existing IDSs. As a result, there is a growing demand for a network intrusion detection system that is efficient, accurate, and cost-effective to ensure robust network security [4]. Figure 1 shows the cyberattacks on the MacAfee network in 2021.

Hindawi Mathematical Problems in Engineering Volume 2022, Article ID 8030510, 10 pages https://doi.org/10.1155/2022/8030510

With the help of firewalls and IDSs, various security threats can be effectively countered in a single system. Misuse and anomaly detection schemes are the two basic types of IDS schemes that can be implemented using various machine learning approaches. Detection systems rely primarily on the signatures of security threats and malicious activity to allow multiclass classification and multilevel detection. The IDS, on the other hand, is unable to identify new assaults in which its signature does not exist. Therefore, these systems benefit from being better able to detect known harmful behavior and its variations. As an alternative, anomaly detection-based IDS techniques rely on the usual behavior of users to detect new threats and only support binary classifications [5]. It is important to keep user profiles up-to-date in dynamic companies where roles occasionally shift [6]. As a result, some anomaly detection techniques may have an issue with false positives. Machine learning techniques are being used in various scenarios, including anomaly detection and misuse detection [7]. Because of the absence of labelled training datasets and the heavy reliance on retrieved features extracted by humans, conventional machine learning approaches cannot be deployed on big platforms [8]. In machine learning, deep learning is a new paradigm that uses artificial neural networks (ANNs) and has a better performance than existing methods.

Researchers have developed several ML and DL-based methods to improve NIDSs’ ability to detect malicious assaults over the past decade. Although network traffic has risen, NIDSs’ ability to identify malicious intrusions has been restricted by the increased number of security threats that have resulted. To better detect network intrusions, researchers are just beginning to look into the potential of applying deep learning (DL) algorithms in NIDSs. Traditional security methods cannot be directly applied to IoT devices because of their limited computational and basic resources. Rule-based detection approaches, on the other hand, were found to be effective [9]. As a result, anomaly-based detection procedures are essential as IoT surroundings and technology keep growing.

Deep neural networks (DNNs), including convolutional neural networks (CNN) [10], deep reinforcement learning (DRL) [11], and hybrid DNN structures (HDNN) [12–19], are being studied for their intrusion detection capabilities. Shallow neural networks (SNNs) are a subset of ANNs and the primary focus of deep learning research. Distinct from the more traditional SNNs with a hierarchy of networks, DNN can simulate more complex models because of its better modeling and abstract representation capabilities.

As a result, DNNs have a great deal of potential for creating helpful techniques by making use of excellent data representation.

1.1. Problem Statement. A single algorithm is commonly used in traditional ML-based intrusion detection, with low detection rates, rigid techniques, and high-dimensional data. When designing an intrusion detection framework for the modern Internet, it is important to keep in mind that it must react quickly and easily to the constantly changing environment. A wide-ranging intrusion detection framework is presented in this article, which can enhance the effectiveness of IDSs in many different ways. Traditional supervised machine learning techniques can benefit from DNN’s ability to produce more accurate data representations. However, the time complexity of some approaches, which rely on deep learning techniques, limits their effectiveness.

The autoencoder (AE) model has inspired us to perform experiments using the AE model in real-world IDS applications. First, high-dimensional redundant features are converted into a hyperspace representation linked to input data to lessen the training complexity and impact of high-dimensional redundant features. We used AE and a deep multilayer classifier to improve the classification task.

The following is a list of the important contributions of this work:

(i) Innovation in IDSs based on data analytics and deep multilayer classification techniques is being developed;

(ii) Designing and development of an IDS capable of efficiently distinguishing between distinct cyberattack classes in the NSL-KDD dataset with high accuracy;

(iii) Development of an IDS with significant industrial application potential.

The rest of the article is structured as follows: Section 2 briefly discusses some of the essential related works. A detailed presentation of the preliminaries is discussed in Section 3. Section 4 presents the proposed deep multilayer-based approach and autoencoders. Section 5 describes the features of the NSL-KDD dataset and algorithm. Results and discussion are presented in Section 5. Finally, Section 6 provides the conclusion and future scope.

Figure 1: Cyberattacks on the MacAfee network in 2021. [Pie chart: Browser 20%, Brute Force 20%, DDoS Attacks 15%, Others 14%, Worms 13%, Malware 10%, Web 4%, Scan 4%.]


2. Literature Survey

The KDD99 and NSL-KDD datasets have been used in the literature to assess various IDSs. Assault classes in the NSL-KDD dataset were discovered using a three-layer MLP created by Yong et al. [20]. The system’s accuracy was 79.9% for multilayer classification and 81.2% for binary classification on the test set. Chawla et al. [21] found a binary classification accuracy of 75.49% utilizing self-organizing maps (SOMs) while testing their method on the NSL-KDD dataset. Sadiq et al. [22] used MLP and other classical learning methods to get a binary classification accuracy of 95.7%. There were k = 10 folds in the dataset, but this was done by the authors. Ishaque et al.’s [23] semisupervised learning approach is based on fuzzy and ensemble learning theories. An accuracy rating of 84% was achieved on the KDD test set using the NSL-KDD dataset. Deep belief networks (DBNs) for multilayer classification were created by Mighan et al. [24] using a restricted Boltzmann machine (RBM) architecture with a Softmax output layer. It was determined that the proposed approach was quite accurate, with only a false alarm rate of 2.47%, even though just 10% of the KDD99 test samples were employed. SDN was used to create a DNN for the purpose of anomaly detection in [25]. Training a neural network with three hidden layers was made possible thanks to the NSL-KDD dataset. Only six criteria and a two-way discriminating procedure have been utilized, as opposed to the usual (normal vs. abnormal). The results of the experiments were correct 75% of the time. Deep neural networks trained on the KDD99 dataset have been proposed by Liu et al. [26]. A gradient-enhanced machine (GBM) makes it simpler to detect intrusions. The GBM parameters were fine-tuned using a grid search. For this investigation, the data from UNSW-NB15, NSL-KDD, and GPRS were all used. When it comes to accuracy and specificity testing, GAR forest, tree-based ensembles, and fuzzy classifiers are all outperformed by this approach.
A random forest-based IDS’s false alarm rate and accuracy were also assessed in [27]. Also considered were data from GPRS, NSL-KDD, and UNSW-NB15. This classifier is put up against others like Multilayer Perceptrons [28], NBTrees [29], a Random Tree ensemble [30], and Naive Bayes [31]. Study indicated that random forest-based IDSs beat other classifiers in terms of performance. Scan attacks, DoS attacks, and MITM subsets of ordinary traffic were analyzed by Farahnakian et al. [31]. The combined DoS, scans, Mirai, and MITM assaults that were included in our analysis were not investigated for intrusion activities. A different study used a multistage classification technique based on clustering and oversampling [13–20] to forecast whether or not the intrusion would occur.

2.1. Deep Learning-Based Intrusion Detection System. Commercial NIDS uses statistical measures or calculated thresholds to represent packet length, interarrival time, flow size, and other network traffic metrics [32]. False positive and false negative alarms are frequent occurrences. False negative notifications suggest that the NIDS is less likely to detect attacks. In contrast, many false positive alerts show that the NIDS is more likely to warn even when no attack has occurred. Commercial solutions are ineffective because of today’s threats [33–38].

Self-learning is a powerful tool for confronting today’s threats. Unsupervised and semisupervised machine learning techniques are used to analyze different normal and malicious processes utilizing a vast corpus of regular and attack network and host-level events. Commercial viability for machine learning-based solutions is still in its infancy, but the literature on the topic is beginning to emerge. Current machine learning approaches have a high percentage of false positives and a high computational cost [39]. Machine learning classifiers can learn about basic TCP/IP features because of the localization of these features. TCP/IP information is sent through numerous hidden layers to create hierarchical feature representations and hidden sequential links in deep learning. Deep learning has dramatically improved AI operations such as image processing, audio identification, and natural language processing [40]. As a result of its capability to learn new, previously unknown patterns from raw data, deep learning is often used in cybersecurity. To discover more complex traits, it employs a sequence of adjustments. Classification, picture identification, self-driving cars, and speech recognition are just some of the problems that deep learning and large datasets are being utilized to solve. Unknown layers are used to automatically choose features or mining properties and then execute training and testing on the given dataset to acquire classification results. In contrast to conventional machine learning, deep learning does not initially require the extraction of features, as is the case with regular machine learning. Various methods for deep learning are available, for example autoencoder. A support vector machine is used to learn features based on stack autoencoders rather than a Softmax in the STL-IDS architecture introduced in [41,42]. SVM outperformed Naive Bayes, random forest, and J48 on the NSL-KDD dataset with respect to classification accuracy and training and testing durations. Recurrent neural networks (RNN) were employed by H. Luo et al. [43] in order to detect intrusions. 83.28% of the time, they got it right. The active deep learning system proposed by O Ludtke et al. [44] is a self-taught (STL) technique for learning features and dimensions. The sparse autoencoder device can be used to reshape a unique feature illustration in an unsupervised manner. SVM is being used to increase the study’s classification accuracy and speed. The two- and five-category classifications are likewise shown to have upright computations. J48, Naive Bayesian RF, and SVM have a lower precision rate in five-category classification than the SVM technique. M. Ahmed et al. [45] created a deep learning conjecture using feature extraction to build an IDS deep learning model. GRUs, MLPs, and Softmax modules were all part of the neural system he demonstrated for detecting intrusions, among other things. The investigation used both KDD and NSL-KDD datasets. According to this study, the KDD 99 and NSL-KDD datasets were better served by utilizing BGRU and MLP together. For example, convolutional neural systems and autoencoders have been extensively investigated by Bansod et al. [46]. Keras and Theano backends were used to train the model on a GPU-based test platform. Several organizational measures were used in this study, including the recipient working attribute, the area under the arc, the precision-recall curve, the mean average precision, and the classification accuracy.

3. Preliminaries

3.1. Autoencoder. Multilayer neural networks known as “autoencoders” provide the same output as their inputs with minimal reconstruction error since the output is similar to the input and has a small number of minimized variances. Unsupervised learning is used by the autoencoder to decode or reassemble the encoded output. Data may be reduced in dimension, features can be extracted, images can be compressed, and noise can be reduced by using an autoencoder. To keep things simple, we describe the general construction of an autoencoder without diving into specifics. Figure 2 gives the block scheme of the autoencoder.

The four major components of a general autoencoder are the encoder, bottleneck, decoder, and reconstruction loss. Data from the input are further compressed using an encoder, which helps to reduce the number of features the model must deal with. The bottleneck is the layer of input data that has the most compressed data with the lowest features. Using a decoder, a model is able to decode the encoded representation and verify that output and input are exactly alike. Finally, the term “reconstruction loss” refers to the difference between the output of a decoder and the original input while evaluating its performance. In addition, backpropagation is used for training and to further minimize reconstruction losses. The purpose of AE is to achieve this minimum loss. Compression of the input x into $z = E(x)$ is achieved via the encoder function E. The decoder D will attempt to recreate the input as $x' = D(E(x))$. The difference between the encoded and decoded vectors is the reconstruction loss in this case. Reconstruction loss can be measured using the mean squared error (MSE) technique:

$$\mathrm{Loss}(E, D) = \frac{1}{n} \sum_{i=1}^{n} \bigl( x_i - D(E(x_i)) \bigr)^2. \tag{1}$$

Using Kullback–Leibler (KL) divergence, variational autoencoders (VAEs) may calculate reconstruction loss. Data in the latent space and data projected into the latent space have different probability distributions, which the KL divergence measures. This nonnegative number indicates the degree to which the two distributions differ.

There are a variety of autoencoders, such as denoising, variational, convolution, and sparse autoencoders.

3.2. Deep Neural Network. We proposed an MLP model technique since biological neural network features influence it. An MLP known as a feedback neural network is represented as inputs that can be passed from one node to another using a loop in the system. In mathematical terminology, each layer of the MLP model contains a significant number of neurons or units. Three or more layers, each with one or more hidden layers, make up this model, including an output layer. The number of hidden layers may be determined using a hyper-parameter selection strategy. Neural connections between layers allow information to move from one layer to the next. In mathematics, the MLP is defined as $O: \mathbb{R}^m \times \mathbb{R}^n$, where m is the size of the input vector $x = x_1, x_2, \ldots, x_{m-1}, x_m$, and n is the size of the output O(x) vector, which is a function of x. Each of the $h_i$ layers can be computed as follows:

$$h_i(x) = f\left(w_i^T x + b_i\right), \tag{2}$$

where $h_i: \mathbb{R}^{d_{i-1}} \to \mathbb{R}^{d_i}$, $f: \mathbb{R} \to \mathbb{R}$, $w_i \in \mathbb{R}^{d \times d_{i-1}}$, $b \in \mathbb{R}^{d_i}$, the size of the input is denoted by the variable $d_i$, and the nonlinear activation function is denoted by the variable f, which can be either a sigmoid (with values in the range [0, 1]) or a tangent function (values in the range [1, -1]). Figure 3 shows the deep neural network architecture.

4. Proposed Framework

This research proposes a multilayer classification strategy for detecting both the presence of an intrusion and the type of intrusion in the Internet of Things networks under the assumption of an unbalanced type of data. Training and testing datasets are separated, and the proposed method is implemented. The core of the proposed intrusion detection framework consists of preprocessing, autoencoding, databases, classification, and feedback modules. These diverse functional modules are maintained to construct a practical intrusion detection framework with high accuracy and low training complexity. The colored lines in Figure 4 show these functions: the black line is for detection, orange is for retraining, and green is for restoration. Blue two-way lines depict processes that cross with other functions. Figure 4 presents the architecture of proposed framework.

Figure 2: Autoencoder. [Block diagram: X, Encoder, Z (bottleneck), Decoder, X.]

The Softmax function is the nonlinear activation function in our MLP model for the classification problem of multiclass. Each class’s probabilities are output of the Softmax function, which selects the biggest value among the probabilities to provide a more accurate result for each class. All three activation functions’ mathematical formulas are given below:

$$\mathrm{Sigmoid} = \frac{1}{1 + e^{-x}}, \tag{3}$$

$$\mathrm{Softmax}(x_i) = \frac{e^{x_i}}{\sum_{j=1}^{n} e^{x_j}}, \tag{4}$$

where input is defined as x. Multiclass logistic regression is the same as a three-layer MLP with a Softmax function in the output layer. In broad terms, MLP for a large number of hidden layers is formulated as follows:

$$H(x) = H_l\bigl(H_{l-1}\bigl(H_{l-2}\bigl(\ldots\bigl(H_1(x)\bigr)\bigr)\bigr)\bigr). \tag{5}$$

In order to enhance deep learning efficiency, our method is distinguished by its modeling of loss functions and ReLU, which are discussed in detail below.

4.1. Preprocessing. Due to the fact that the training and testing datasets contain both numerical and nominal values, they are normalized. Every feature should be scaled the same while normalizing values. Our method takes into account all of the dataset’s characteristics. As a result, each feature is essential.
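A sketch of this preprocessing step, added here as an example and not taken from the authors' code. It assumes one-hot encoding for the nominal NSL-KDD columns (protocol_type, service, flag) and min-max scaling for numeric ones; the records are constructed and reduced to six of the 41 features, and `Preprocessor`, `parse` and `demo` are hypothetical names.

```python
COLUMNS = ("duration", "protocol_type", "service", "flag",
           "src_bytes", "dst_bytes", "label")
NOMINAL = ("protocol_type", "service", "flag")

# Constructed records in NSL-KDD column order, reduced to six features plus label.
TRAIN_CSV = """\
0,tcp,http,SF,181,5450,normal
0,udp,domain_u,SF,105,146,normal
2,tcp,smtp,SF,1684,363,normal
0,tcp,private,S0,0,0,neptune
0,icmp,ecr_i,SF,1032,0,smurf
"""
TEST_CSV = """\
0,tcp,http,SF,300,9000,normal
5,tcp,ftp_data,REJ,4000,0,attack
"""


def parse(text):
    """Turn CSV lines into dicts keyed by column name; reject malformed rows."""
    rows = []
    for n, line in enumerate(text.strip().splitlines(), 1):
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != len(COLUMNS):
            raise ValueError(f"line {n}: expected {len(COLUMNS)} fields, got {len(fields)}")
        rows.append(dict(zip(COLUMNS, fields)))
    return rows


class Preprocessor:
    """Min-max scaling for numeric columns, one-hot encoding for nominal ones."""

    def fit(self, rows):
        self.numeric = [c for c in COLUMNS if c not in NOMINAL and c != "label"]
        self.lo = {c: min(float(r[c]) for r in rows) for c in self.numeric}
        self.hi = {c: max(float(r[c]) for r in rows) for c in self.numeric}
        self.vocab = {c: sorted({r[c] for r in rows}) for c in NOMINAL}
        return self

    def transform(self, row):
        vec = []
        for c in self.numeric:
            span = self.hi[c] - self.lo[c]
            # Not clipped: a value outside the training range stays outside [0, 1].
            vec.append((float(row[c]) - self.lo[c]) / span if span else 0.0)
        for c in NOMINAL:
            # A category never seen in training maps to an all-zero block.
            vec.extend(1.0 if row[c] == v else 0.0 for v in self.vocab[c])
        return vec

    def feature_names(self):
        return self.numeric + [f"{c}={v}" for c in NOMINAL for v in self.vocab[c]]


def demo():
    train, test = parse(TRAIN_CSV), parse(TEST_CSV)
    pre = Preprocessor().fit(train)  # scaling ranges and vocabularies: training data only
    return (pre.feature_names(),
            [pre.transform(r) for r in train],
            [pre.transform(r) for r in test])


if __name__ == "__main__":
    names, x_train, x_test = demo()
    for row in x_test:
        print(dict(zip(names, (round(v, 3) for v in row))))
```

The second test record shows the two cases a deployed detector meets that the training split never contains: numeric values beyond the fitted range and nominal values outside the fitted vocabulary.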

4.2. Loss Functions. In order to get the most performance out of an MLP model, it is critical to choose an ideal parameter. As a first stage, this incorporates the loss function. The difference between the expected and actual values is calculated using a loss function, which is expressed as follows:

$$d(t, p) = \| t - p \|_2^2, \tag{6}$$

where t stands for the desired value and p stands for the predicted value. Using p(pd) as the distribution of probabilities, multiclass classification uses the negative log probability with t as the target class:

$$d(t, p(pd)) = -\log p(pd)_t. \tag{7}$$

To speed up the learning process, researchers have found that a technique known as the “rectified linear unit” (or “ReLU”) has a high level of proficiency. As a result of ReLU, the vanishing and exploding gradient problem is significantly reduced in the history of neural networks. Compared to the standard nonlinear activation functions like sigmoid and tangent [47], it is proven to be the most efficient way to train large datasets in terms of time and cost. As a result of this nonlinearity, neurons are referred to as [34]. ReLU is expressed as follows:

$$f(x) = \max(0, x), \tag{8}$$

where input is defined as x.

4.3. Autoencoder Training. The autoencoder is trained only on standard data packets (Figure 5). This method has various advantages. NSL-KDD’s class imbalance can be overcome by training the AE exclusively on typical traffic. It enables the model to distinguish between legitimate and malicious data transmission as a secondary benefit. Thus, real-time applications like fog devices can be better served because we can immediately decide whether or not data transmission is normal or under attack. Figure 5 shows that normal data are used for training the autoencoder.

Dataset for developing an autoencoder: based on the label or class of each data packet sample, D was separated into normal and attack datasets, respectively:

$$D_0, D_1 \leftarrow \mathrm{split}(D), \quad \text{where } D_0 \leftarrow (x_i, y_0),\ i = 1, 2, \ldots, k, \qquad D_1 \leftarrow (x_i, y_i),\ i = 1, 2, \ldots, N - k, \tag{9}$$

where $D_0$ is the “normal” dataset and $D_1$ is the “attack” dataset. On $D_0$, we train the AE. The number of outputs generated by the AE is the same as the number of inputs; however, there is a loss in reconstruction for each $x_i$. Attack data have a substantially larger reconstruction loss because the AE is only trained on “normal” data. An experiment led us to a point at which the value of reconstruction loss exceeded a certain threshold. An “attack” data point is defined as the one that has a reconstruction loss greater than the threshold value; otherwise, the data point is considered “normal.”
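The detection rule of this section, carried through end to end as an added example (not the authors' Keras model): a small linear autoencoder written in plain Python is trained on the normal split only, a threshold is taken from its training losses, and held-out samples are flagged when their reconstruction loss exceeds it. The four-feature traffic is constructed, the mean plus three standard deviations threshold rule is an assumption of this example, and `LinearAE`, `constructed_traffic` and `evaluate` are hypothetical names.

```python
import random
import statistics


def split(D):
    """Eq. (9): D0 keeps the samples labelled normal, D1 the attack samples."""
    D0 = [x for x, y in D if y == "normal"]
    D1 = [x for x, y in D if y != "normal"]
    return D0, D1


class LinearAE:
    """One hidden layer, no activation: z = E(x), x' = D(E(x))."""

    def __init__(self, n_in, n_hidden, seed=7):
        rng = random.Random(seed)
        self.mean = [0.0] * n_in
        self.E = [[rng.uniform(-0.3, 0.3) for _ in range(n_in)] for _ in range(n_hidden)]
        self.D = [[rng.uniform(-0.3, 0.3) for _ in range(n_hidden)] for _ in range(n_in)]

    def _forward(self, x):
        c = [xi - mi for xi, mi in zip(x, self.mean)]  # centre on the training mean
        z = [sum(w * ci for w, ci in zip(row, c)) for row in self.E]  # bottleneck
        r = [sum(w * zk for w, zk in zip(row, z)) for row in self.D]  # reconstruction
        return c, z, r

    def loss(self, x):
        """Reconstruction loss of one sample: squared error averaged over features."""
        c, _, r = self._forward(x)
        return sum((ci - ri) ** 2 for ci, ri in zip(c, r)) / len(c)

    def fit(self, X, epochs=500, lr=1.0):
        """Full-batch gradient descent on the mean reconstruction loss of X."""
        n, h, m = len(X[0]), len(self.E), len(X)
        self.mean = [sum(col) / m for col in zip(*X)]
        step = lr * 2.0 / (n * m)
        for _ in range(epochs):
            gE = [[0.0] * n for _ in range(h)]
            gD = [[0.0] * h for _ in range(n)]
            for x in X:
                c, z, r = self._forward(x)
                err = [ri - ci for ri, ci in zip(r, c)]
                back = [sum(self.D[i][k] * err[i] for i in range(n)) for k in range(h)]
                for i in range(n):
                    for k in range(h):
                        gD[i][k] += err[i] * z[k]
                        gE[k][i] += back[k] * c[i]
            for i in range(n):
                for k in range(h):
                    self.D[i][k] -= step * gD[i][k]
                    self.E[k][i] -= step * gE[k][i]
        return self


def constructed_traffic(seed=1):
    """Constructed, already min-max-scaled samples (not NSL-KDD records)."""
    rng = random.Random(seed)

    def normal():
        # Normal traffic: features 0/1 move together, and so do features 2/3.
        a, b = rng.uniform(0.05, 0.95), rng.uniform(0.05, 0.95)
        return [v + rng.uniform(-0.02, 0.02) for v in (a, a, b, b)], "normal"

    def attack():
        # Attack traffic breaks both relationships.
        hi, lo = rng.uniform(0.7, 1.0), rng.uniform(0.0, 0.3)
        return [hi, lo, lo, hi], "attack"

    train = [normal() for _ in range(80)] + [attack() for _ in range(20)]
    test = [normal() for _ in range(40)] + [attack() for _ in range(20)]
    return train, test


def evaluate(seed=1):
    train, test = constructed_traffic(seed)
    D0, D1 = split(train)  # D1 is never shown to the autoencoder
    ae = LinearAE(n_in=4, n_hidden=2).fit(D0)
    base = [ae.loss(x) for x in D0]
    # Assumed threshold rule: mean + 3 standard deviations of the training
    # (normal) losses. The article only says the threshold came from experiment.
    threshold = statistics.mean(base) + 3 * statistics.pstdev(base)
    verdicts = [(y, ae.loss(x) > threshold) for x, y in test]
    hits = [flag for y, flag in verdicts if y == "attack"]
    alarms = [flag for y, flag in verdicts if y == "normal"]
    return {
        "threshold": threshold,
        "detection_rate": sum(hits) / len(hits),
        "false_alarm_rate": sum(alarms) / len(alarms),
        "min_unseen_attack_loss": min(ae.loss(x) for x in D1),
    }


if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name}: {value:.5f}")
```

The false alarm rate reported here is the quantity to watch when moving the threshold: lowering it catches subtler deviations at the cost of flagging more normal traffic.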

5. Results and Discussion

Experiments were carried out on NSL-KDD incursion data, a condensed form of KDDCup 99 data. It is possible to delete redundant connection records from the test data in KDDCup 99 by applying filters. The outcomes were obtained after implementing the multilayer technique. The studies were carried out on a personal computer with an Intel core i7-1065G7 processor and 1.30 GHz/16 GB of RAM, imbalanced-learn, Scikit Learn [48], and Keras [49]. To test the suggested concept, Python libraries were employed. The NSL-KDD dataset consists of 41 distinct features. Nominal, binary, and numeric features are subclasses. Nominal data cannot be used directly by an autoencoder.

Figure 3: Deep neural network architecture. [Diagram: input layer, hidden layers, output layer.]

All the input data must be in the form of a number. We used the deep multilayer classification approach to preprocess the nominal or category information. Using the MinMax Scaler functions, the remaining characteristics are preprocessed. As a result of this operation, the 41 characteristics were multiplied by 2. The autoencoder is then fed these features. The parameters of the autoencoder were kept to a minimum. For the first detection step, we use an autoencoder. A “dropout layer” was added to the autoencoder’s input to prevent overfitting. This layer serves as a restriction on regularization. Autoencoding is prevented from replicating the input to create output using this input validation method. The dropout layer removes a random number of neurons from the input when training. Autoencoders have a single unnoticed hidden level. We found that the number of neurons in this hidden layer had a significant impact. Low precision is caused by a reduction in reconstruction error due to more neurons. The model’s accuracy is also affected by the number of neurons in the system. According to our findings, neurons in the range of 4 to 10 in the hidden layer produce the best results. An “attack” is defined using a threshold value. There is a difference between an attack and a typical instance based on reconstruction error. We used model loss across training data instead of validation data to arrive at this result. Figure 6 shows that reconstruction error and neuron count are correlated. Figure 7 denotes the loss vs epoch during training and testing process using AE. Figure 8 presents the overall performance accuracy evaluation of the system using AE. Figure 9 gives the graphical representation of loss vs epoch during training and testing process using Deep MLP. Figure 10 shows the overall performance accuracy evaluation of the system using deep multilayer network.

5.1. Comparison with Recent State-of-the-Art Techniques. An extensive amount of study has been done on intrusion detection due to its importance in today’s cyber environment.

Detecting incursions using machine learning has been done in several methods. Over NSL-KDD, our method scores among the top in terms of accuracy when identifying intrusions using standard machine learning and deep learning techniques. Table 1 reveals that autoencoder-based approaches outperformed the competition. NSL-KDDTrain+ and NSL-KDDTest+ datasets were used to test the procedures in Table 1.

Figure 4: Architecture of proposed framework. [Block diagram; labels: raw data, feature library, preprocessing module, autoencoder module (autoencoder, sparse), classification module, database module, feedback module, classifier, evaluation, predict, label and store, retrain, status, log, results, recovery.]

Figure 5: Train the autoencoder by normal data. [Flow diagram; labels: NSL-KDD Train+, normalization, split, normal data, attack data, autoencoder.]

Figure 6: Correlation of reconstruction error and neuron count. [Plot: reconstruction loss (model), 0.005 to 0.015, against number of neurons in hidden layer, 3 to 15.]

Figure 7: Loss vs epoch during training and testing process using AE. [Plot of loss vs epoch for train and test dataset; epoch 0 to 100.]

Figure 8: Overall performance accuracy evaluation of the system using AE. [Plot of accuracy vs epoch for train and test dataset; epoch 0 to 100.]

Figure 9: Graphical representation of loss vs epoch during training and testing process using deep MLP. [Plot of loss vs epoch for train and test dataset; epoch 0 to 100.]

Figure 10: Overall performance accuracy evaluation of the system using deep multilayer network. [Plot of accuracy vs epoch for train and test dataset; epoch 0 to 100.]

ALGORITHM 1: Deep multilayer classification.

Inputs: X - input dataset, Subsampling size
Output: Reconstruction loss for anomaly test data
Step 1: Initialize data = { };
Step 2: # Initializing a MinMax Scaler
    scaler = MinMaxScaler()
Step 3: # Instantiating the Autoencoder
    model = Autoencoder()
    # creating an early_stopping
    early_stopping = EarlyStopping(monitor='val_loss', patience=2, mode='min')
    # Compiling the model
    model.compile(optimizer='Adam', loss='mae')
Step 4: # initializing model
    mlp = Sequential()
    # input layer and first layer with 50 neurons
    mlp.add(Dense(units=50, input_dim=X_train.shape[1], activation='relu'))
    # output layer with softmax activation
    mlp.add(Dense(units=5, activation='softmax'))

Table 1: Performance of the proposed IDS with the recent state-of-the-art techniques.

S.No  Method                 Accuracy
1     RNN [2]                78.32
2     AE [39]                89.34
3     DNN + KNN [4]          92.14
4     ND-tree [33]           82.90
5     Isolation forest [46]  92.50
6     Proposed method        96.70

6. Conclusions

Deep multilayer classification autoencoder-driven intelligent intrusion detection was proposed in this article. The NSL-KDD dataset was used as a baseline for the proposed IDS. The AE architecture was fed with the most important properties discovered by data-driven deep learning, which comprises a single hidden layer with 50 units (AE50). According to Table 1 and recent state-of-the-art, the suggested AE50 classifier was compared with deep and classical methods (Table 2). According to comparative results, the deep multilayer classifier outperformed all other approaches, with an accuracy of 96.70%.

A more accurate deep architecture, similar to NSL-KDD instances, will be built in the future to detect malicious assaults as they occur. For real-time analysis of big data, we want to look at how methodologies from [15,16] can be combined with the work we did here. This way, long-term learning, faster decision criteria, and less computational complexity can be used [50].

Data Availability

The datasets used to support the findings of this study are available from the authors upon reasonable request.

Ethical Approval

This article does not contain any studies with human participants. No animal studies were involved in this review.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Authors’ Contributions

All authors contributed equally to this work. In addition, all authors have read and approved the final manuscript and gave their consent to publish the article.

References

[1] D. L. Aguilar, M. A. M. Perez, O. Loyola-Gonzalez, K.-K. R. Choo, and E. Bucheli-Susarrey, “Towards an interpretable autoencoder: a decision tree-based autoencoder and its application in anomaly detection,” IEEE Transactions on Dependable and Secure Computing, p. 1, 2022.

[2] M. Catillo, A. Pecchia, and U. Villano, “AutoLog: anomaly detection by deep autoencoding of system logs,” Expert Systems with Applications, vol. 191, Article ID 116263, 2022.

[3] E. Cruz-Esquivel and Z. J. Guzman-Zavaleta, “An examination on autoencoder designs for anomaly detection in video surveillance,” IEEE Access, vol. 10, pp. 6208–6217, 2022.

[4] H. Zhang, W. Guo, S. Zhang, H. Lu, and X. Zhao, “Unsupervised deep anomaly detection for medical images using an improved adversarial autoencoder,” Journal of Digital Imaging, vol. 35, no. 2, pp. 153–161, 2022.

[5] G. Baig Mohammad, S. Shitharth, and P. Revanth Kumar, “Integrated machine learning model for an URL phishing detection,” International Journal of Grid and Distributed Computing, vol. 14, no. 1, pp. 513–529, 2021.

[6] C. Savaglio, M. Ganzha, M. Paprzycki, C. Bădică, M. Ivanović, and G. Fortino, “Agent-based internet of things: state-of-the-art and research challenges,” Future Generation Computer Systems, vol. 102, pp. 1038–1053, 2020.

[7] N. Angelova, G. Kiryakova, and L. Yordanova, “The great impact of internet of things on business,” Trakia Journal of Science, vol. 15, no. 1, pp. 406–412, 2017.

[8] G. Thamilarasu and S. Chawla, “Towards deep-learning-driven intrusion detection for the internet of things,” Sensors, vol. 19, no. 9, p. 1977, 2019.

[9] R. Williams, E. McMahon, S. Samtani, M. Patton, and H. Chen, “Identifying vulnerabilities of consumer Internet of Things (IoT) devices: a scalable approach,” in Proceedings of the 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 179–181, Beijing, China, July 2017.

[10] R. Damasevicius, A. Venckauskas, S. Grigaliunas et al., “LITNET-2020: an annotated real-world network flow dataset for network intrusion detection,” Electronics, vol. 9, no. 5, p. 800, 2020.

[11] A. Nauman, Y. A. Qadri, M. Amjad, Y. B. Zikria, M. K. Afzal, and S. W. Kim, “Multimedia internet of things: a comprehensive survey,” IEEE Access, vol. 8, pp. 8202–8250, 2020.

[12] I. Ullah and Q. H. Mahmoud, “A scheme for generating a dataset for anomalous activity detection in IoT networks,” in Proceedings of the Canadian Conference on Artificial Intelligence, pp. 508–520, Springer, Cham, Switzerland, May 2020.

Table 2: Comparison with other similar research work.

Reference                Systematic study  Focused on NIDS  AI-based techniques (ML)  AI-based techniques (DL)  Future scope
Yong et al. [20]         ×                 ×                ✓                         ×                         ✓
Sadiq et al. [22]        ×                 ×                ✓                         ✓                         ✓
Marta et al. [2]         ×                 ✓                ✓                         ✓                         ✓
Zhang et al. [4]         ×                 ×                ✓                         ×                         ✓
Thamilarasu et al. [8]   ×                 ✓                ✓                         ✓                         ✓
Farahnakian et al. [31]  ×                 ×                ✓                         ×                         ✓
Proposed approach        ✓                 ✓                ✓                         ✓                         ✓

[13] F. Alenezi, “Image dehazing based on pixel guided CNN with PAM via graph cut,” Computers, Materials & Continua, vol. 71, no. 2, pp. 3425–3443, 2022.

[14] F. Alenezi, A. Armghan, S. N. Mohanty, R. H. Jhaveri, and P. Tiwari, “Block-greedy and CNN based underwater image dehazing for novel depth estimation and optimal ambient light,” Water, vol. 13, no. 23, p. 3470, 2021.

[15] G. P. Joshi, F. Alenezi, G. Thirumoorthy, A. K. Dutta, and J. You, “Ensemble of deep learning-based multimodal remote sensing image classification model on unmanned aerial vehicle networks,” Mathematics, vol. 9, no. 22, p. 2984, 2021.

[16] F. Alenezi and K. C. Santosh, “Geometric regularized Hopfield neural network for medical image enhancement,” International Journal of Biomedical Imaging, vol. 2021, Article ID 6664569, 12 pages, 2021.

[17] F. Alenezi and E. Salari, “A fuzzy-based medical image fusion using a combination of maximum selection and Gabor filters,” International Journal of Engineering Sciences, vol. 9, pp. 118–129, 2018.

[18] F. S. Alenezi and S. Ganesan, “Geometric-pixel guided single-pass convolution neural network with graph cut for image dehazing,” IEEE Access, vol. 9, Article ID 29391, 2021.

[19] S. Majid, F. Alenezi, S. Masood, M. Ahmad, E. S. Gündüz, and K. Polat, “Attention based CNN model for fire detection and localization in real-world images,” Expert Systems with Applications, vol. 189, Article ID 116114, 2022.

[20] B. Yong, W. Wei, K. C. Li et al., “Ensemble machine learning approaches for webshell detection in Internet of things environments,” Trans. Emerg. Telecommun. Technol., p. e4085, 2020.

[21] N. V. Chawla, K. W. Bowyer, L. O. Hall, and W. P. Kegelmeyer, “SMOTE: synthetic minority over-sampling technique,” Journal of Artificial Intelligence Research, vol. 16, pp. 321–357, 2002.

[22] A. S. Sadiq, H. Faris, A. M. Al-Zoubi, S. Mirjalili, and K. Z. Ghafoor, “Fraud detection model based on multi-verse features extraction approach for smart city applications,” in Smart Cities Cybersecurity and Privacy, pp. 241–251, Elsevier, Amsterdam, The Netherlands, 2019.

[23] M. Ishaque and L. Hudec, “Feature extraction using deep learning for intrusion detection system,” in Proceedings of the 2nd Int. Conf. Comput. Appl. Inf. Secur. (ICCAIS), pp. 1–5, Riyadh, Saudi Arabia, May 2019.

[24] S. N. Mighan and M. Kahani, “A novel scalable intrusion detection system based on deep learning,” International Journal of Information Security, vol. 20, pp. 1–17, 2020.

[25] C. Zhang, F. Ruan, L. Yin, X. Chen, L. Zhai, and F. Liu, “A deep learning approach for network intrusion detection based on NSL-KDD dataset,” in Proceedings of the IEEE 13th Int. Conf. Anti-Counterfeiting, Secur., Identification. (ASID), pp. 41–45, Xiamen, China, October 2019.

[26] Y. Liu, Q. Liao, J. Zhao, and Z. Han, “Deep learning-based encryption policy intrusion detection using commodity WiFi,” in Proceedings of the IEEE 5th Int. Conf. Comput. Commun. (ICCC), pp. 2129–2135, Chengdu, China, December 2019.

[27] R. Zhao, J. Yin, Z. Xue et al., “An efficient intrusion detection method based on dynamic autoencoder,” IEEE Wireless Communications Letters, vol. 10, no. 8, pp. 1707–1711, 2021.

[28] A. Basati and M. M. Faghih, “APAE: an IoT intrusion detection system using asymmetric parallel auto-encoder,” Neural Computing & Applications, pp. 1–21, 2021.

[29] W. Xu, Y. Fan, and C. Li, “I2DS: interpretable intrusion detection system using autoencoder and additive tree,” Security and Communication Networks, vol. 2021, Article ID 5564354, 9 pages, 2021.

[30] M. Al-Qatf, Y. Lasheng, M. Al-Habib, and K. Al-Sabahi, “Deep learning approach combining sparse autoencoder with SVM for network intrusion detection,” IEEE Access, vol. 6, Article ID 52856, 2018.

[31] F. Farahnakian and J. Heikkonen, “A deep auto-encoder based approach for intrusion detection system,” in Proceedings of the 20th Int. Conf. Adv. Commun. Technol. (ICACT), pp. 178–183, Chuncheon, Korea (South), February 2018.

[32] Y. Yu, J. Long, and Z. Cai, “Session-based network intrusion detection using a deep learning architecture,” in Modeling Decisions for Artificial Intelligence, pp. 144–155, Springer, Cham, Switzerland, 2017.

[33] D. Ratasich, F. Khalid, F. Geissler, R. Grosu, M. Shafique, and E. Bartocci, “A roadmap toward the resilient internet of things for cyber-physical systems,” IEEE Access, vol. 7, Article ID 13283, 2019.

[34] N. Daldal, M. Nour, and K. Polat, “A novel demodulation structure for quadrate modulation signals using the segmentary neural network modelling,” Applied Acoustics, vol. 164, Article ID 107251, 2020.

[35] N. Daldal, A. Sengur, K. Polat, and Z. Cömert, “A novel demodulation system for base band digital modulation signals based on the deep long short-term memory model,” Applied Acoustics, vol. 166, Article ID 107346, 2020.

[36] N. Daldal, Z. Cömert, and K. Polat, “Automatic determination of digital modulation types with different noises using Convolutional Neural Network based on time-frequency information,” Applied Soft Computing, vol. 86, Article ID 105834, 2020.

[37] M. Nour, N. Daldal, M. F. Kahraman, H. Sindi, A. Alhudhaif, and K. Polat, “A novel tilt and acceleration measurement system based on Hall-effect sensors using neural networks,” Mathematical Problems in Engineering, vol. 2022, Article ID 7000486, 13 pages, 2022.

[38] M. F. Kahraman and S. Öztürk, “Experimental study of newly structural design grinding wheel considering response surface optimization and Monte Carlo simulation,” Measurement, vol. 147, Article ID 106825, 2019.

[39] C. Liu, J. Liu, J. Wang, S. Xu, H. Han, and Y. Chen, “An attention-based spatiotemporal gated recurrent unit network for point-of-interest recommendation,” ISPRS International Journal of Geo-Information, vol. 8, no. 8, p. 355, 2019.

[40] A. Boukerche, L. Zheng, and O. Alfandi, “Outlier detection: methods, models, and classification,” ACM Computing Surveys, vol. 53, no. 3, pp. 1–37, 2020.

[41] V. Cerqueira, L. Torgo, and C. Soares, “Layered learning for early anomaly detection: predicting critical health episodes,” in International Conference on Discovery Science, pp. 445–459, Springer, 2019.

[42] V. Garcia-Font, C. Garrigues, and H. Rifà-Pous, “A comparative study of anomaly detection techniques for smart city wireless sensor networks,” Sensors, vol. 16, no. 6, p. 868, 2016.

[43] H. Luo and S. Zhong, “Gas turbine engine gas path anomaly detection using deep learning with Gaussian distribution,” in Proceedings of the 2017 Prognostics and System Health Management Conference (PHM-Harbin), pp. 1–6, IEEE, Harbin, China, July 2017.

[44] O. Lüdtke, A. Robitzsch, and S. G. West, “Regression models involving nonlinear effects with missing data: a sequential modeling approach using Bayesian estimation,” Psychological Methods, vol. 25, no. 2, pp. 157–181, 2019.

[45] M. Ahmed, A. N. Mahmood, and J. Hu, “A survey of network anomaly detection techniques,” Journal of Network and Computer Applications, vol. 60, pp. 19–31, 2016.

[46] S. D. Bansod and A. V. Nandedkar, “Crowd anomaly detection and localization using histogram of magnitude and momentum,” The Visual Computer, vol. 36, no. 3, pp. 609–620, 2020.

[47] J. V. S. d. Chagas, R. F. Ivo, M. T. Guimarães, D. A. Rodrigues, E. D. S. Rebouças, and P. P. F. Rebouças, “Fast fully automatic skin lesions segmentation probabilistic with Parzen window,” Computerized Medical Imaging and Graphics, vol. 85, no. 12, Article ID 101774, 2020.

[48] A. Gharaibeh, M. A. Salahuddin, S. J. Hussini et al., “Smart cities: a survey on data management, security, and enabling technologies,” IEEE Communications Surveys & Tutorials, vol. 19, no. 4, pp. 2456–2501, 2017.

[49] D. Abadi, “Consistency tradeoffs in modern distributed database system design: CAP is only part of the story,” Computer, vol. 45, no. 2, pp. 37–42, 2012.

[50] S. Thakur, A. Chakraborty, R. De, N. Kumar, and R. Sarkar, “Intrusion detection in cyber-physical systems using a generic and domain specific deep autoencoder model,” Computers & Electrical Engineering, vol. 91, Article ID 107044, 2021.

Copyright of Mathematical Problems in Engineering is the property of Hindawi Limited and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.