Zein Hajj-Ali

Evaluating the Accuracy and Prediction Time of Different Machine Learning Techniques for Network Intrusion Detection Systems

December 15, 2020

The following was a project made for one of my graduate studies courses in the fall of 2020 in collaboration with Nhat Hieu Le.

Abstract

Traditional Network Intrusion Detection Systems (NIDS) have been shown to have limitations: zero-day exploitation, a high False Alarm Rate (FAR), and an inability to process encrypted packets. Recently, machine learning (ML) and deep learning (DL) techniques have become promising alternative approaches for overcoming these disadvantages. This paper investigates the findings of research papers on NIDS that use DL algorithms and compares the accuracies of the proposed DL solutions with popular ML alternatives such as Naive Bayes, Random Forest, and Bayes Network. The time taken to classify a record of network traffic is also compared, since prediction time is an important metric for a NIDS: malicious activity needs to be predicted and dealt with as soon as possible. The UNSW-NB15 dataset used in this paper is widely studied for anomaly detection. It includes 9 different attack types for anomalous records, so a few multi-label classification methods are also examined. Additionally, it will be shown that, given a large enough dataset, deep learning methods result in higher accuracy and competitive prediction time.

Report and Supplementary Resource

The rest of the report (including figures) can be found here. The supplementary document containing more figures and results can be found here.