DETECTION OF NETWORK ANOMALIES WITH NEURAL NETWORKS ALGORITHMS

DOI: 10.31673/2412-4338.2023.016173

Authors

  • Г. І. Гайдур, (Haidur H. I.) State University of Telecommunications, Kyiv
  • С. О. Гахов, (Gakhov S. O.) State University of Telecommunications, Kyiv
  • А. А. Бригинець, (Bryhynets A. A.) State University of Telecommunications, Kyiv

Abstract

The rapid digitalization of the world has led to various attacks on computer systems and networks, so network security is an extremely important and relevant component of information security today. Creating effective cybersecurity tools and mechanisms is becoming increasingly difficult as the number of different devices and services grows. Identification of malicious traffic using deep learning methods has become a key component of intrusion detection systems (IDS). This article compares two deep learning models (a recurrent neural network and a convolutional neural network) for detecting anomalies in networks. Both neural networks were found to be useful in a wide range of applications. It has been shown that convolutional neural networks detect network anomalies best when combined with long short-term memory layers. The development of deep learning technologies, including the considered neural network algorithms, is a promising direction for advancing the cybersecurity of information systems. These technologies are unique because they are at the initial stage of creation. Because of their novelty, they are not yet widespread in intrusion detection and network anomaly detection systems, so they require more thorough research. Conventional machine learning algorithms will eventually become insufficient, as their learning capability is not as good as that of deep learning neural networks. The article provides a detailed analysis of the capabilities of recurrent and convolutional neural networks along with long short-term memory layers, which may be useful in further research.

Keywords: neural network, convolutional neural network, recurrent neural network, deep learning, machine learning, anomaly detection in computer network, long short-term memory.

Published

2023-06-30

Section

Articles