A Novel Multimodal-Sequential Approach Based on Multi-View Features for Network Intrusion Detection

Haitao He; Xiaobing Sun; Hongdou He; Guyu Zhao; Ligang He; Jiadong Ren

doi:10.1109/ACCESS.2019.2959131

IEEE Access (Jan 2019)

A Novel Multimodal-Sequential Approach Based on Multi-View Features for Network Intrusion Detection

Haitao He,
Xiaobing Sun,
Hongdou He,
Guyu Zhao,
Ligang He,
Jiadong Ren

Affiliations

Haitao He: ORCiD; College of Information Science and Engineering, Yanshan University, Qinhuangdao, China
Xiaobing Sun: ORCiD; College of Information Science and Engineering, Yanshan University, Qinhuangdao, China
Hongdou He: ORCiD; College of Information Science and Engineering, Yanshan University, Qinhuangdao, China
Guyu Zhao: ORCiD; College of Information Science and Engineering, Yanshan University, Qinhuangdao, China
Ligang He: ORCiD; Department of Computer Science, University of Warwick, Coventry, U.K.
Jiadong Ren: ORCiD; College of Information Science and Engineering, Yanshan University, Qinhuangdao, China

DOI: https://doi.org/10.1109/ACCESS.2019.2959131
Journal volume & issue: Vol. 7
pp. 183207 – 183221

Abstract

Read online

Network intrusion detection systems (NIDS) are essential tools in ensuring network information security, and neural networks have become an increasingly popular solution for NIDS. However, with the gradual complexity of the network environment, the existing solutions using the conventional neural network cannot make full use of the rich information in the network traffic data due to its single structure. More importantly, this will lead to the existing NIDS have incomplete knowledge of the intrusion detection domain, and making it unable to achieve a high detection rate and good stability in the new environment. In this paper, we take a step forward and extract the different level features from the network connection, rather than a long feature vector used in the traditional approach, which can process feature information separately more efficiently. And further, we propose multimodal-sequential intrusion detection approach with special structure of hierarchical progressive network, which is supported by multimodal deep auto encoder (MDAE) and LSTM technologies. By design the special structure of hierarchical progressive network, our approach can efficiently integrate the different level features information within a network connection and automatically learn temporal information between adjacent network connections at the same time. Based on the three benchmark datasets from 1999 to 2017, including NSL-KDD, UNSW-NB15, and CICIDS 2017, we investigated the performance of our proposed approach on the task of detecting attacks within modern network. The experimental results show that the average accuracy of this method is 94% in binary classification and 88% in multi-class classification, which is at least 2% and 4% super than other methods respectively, and demonstrated that our model has excellent stability. Moreover, we further explore the multimodality and complementarity in traffic data, the experimental results show that the performance of detection model can be further improved in the range 2% to 5% when using our MDAE model to process the features of traffic data.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords