Multi-class Network Intrusion Detection with Class Imbalance via LSTM & SMOTE

Author: Nawaz, Muhammad Wasim, Munawar, Rashid, Mehmood, Ahsan, Rahman, Muhammad Mahboob Ur, Abbasi, Qammer H.
Year of publication: 2023
Subject:
Document type: Working Paper
Description: Monitoring network traffic to maintain the quality of service (QoS) and to detect network intrusions in a timely and efficient manner is essential. As network traffic is sequential, recurrent neural networks (RNNs) such as long short-term memory (LSTM) are suitable for building network intrusion detection systems. However, in the case of a few dataset examples of the rare attack types, even these networks perform poorly. This paper proposes to use oversampling techniques along with appropriate loss functions to handle class imbalance for the detection of various types of network intrusions. Our deep learning model employs LSTM with fully connected layers to perform multi-class classification of network attacks. We enhance the representation of minority classes: i) through the application of the Synthetic Minority Over-sampling Technique (SMOTE), and ii) by employing categorical focal cross-entropy loss to apply a focal factor to down-weight examples of the majority classes and focus more on hard examples of the minority classes. Extensive experiments on KDD99 and CICIDS2017 datasets show promising results in detecting network intrusions (with many rare attack types, e.g., Probe, R2L, DDoS, PortScan, etc.).
Comment: 8 pages, 7 figures, 5 tables
Database: arXiv