Deep Learning-based Intrusion Detection For Class-Oriented Unbalanced Networks

Network Intrusion Detection System(NIDS)is an important network defense for detecting intrusion events and is able to detect and stop network attacks to a certain extent.However,in the face of unbalanced network traffic data,network intrusion detection systems still struggle to achieve good performance.Based on the abovementioned problems,this paper investigates how to effectively improve the network intrusion detection system’s ability to detect and identify network attacks and how to effectively mitigate network traffic imbalance,with the following two components:A network intrusion detection model based on Goog Le Net and Shuffle Net networks is proposed.The core idea of the model is to introduce the Inception V1 module of the Goog Le Net network to widen and deepen the scale of the network intrusion detection model in a small way,in order to improve the model’s ability to learn the features of network traffic data;at the same time,the channel mash module of the Shuffle Net network is introduced to reorganise the order of the feature maps of each channel,so that the channels can interact with each other for information At the same time,the Shuffle Net network’s channel mashup module is introduced to reorganise the order of each channel’s feature map,enabling information interaction between channels and allowing the model to learn richer feature information.Experiments on both the CICIDS-2017 and CICIDS-2018 datasets show that the model outperforms the other models.In particular,on the CICIDS-2017 and CICIDS-2018 datasets,the model outperformed the next best model by 1.54%,1.18% and 1.36% and 2.42%,1.74% and2.35% on the Precision,Recall and F1-score metrics.To further validate the performance of the model,the CICIDS-2017 and CICIDS-2018 data sets were combined into a new dataset named CICIDS-1718,which has a larger volume of data and a more uneven number of categories.In the CICIDS-1718 dataset,the model outperformed the next best model by 6.4%,7.15% and 9.17% in terms of Precision,Recall and F1-score.All these experimental results show that the network intrusion detection model proposed in this paper can perform well in extremely unbalanced network traffic.(2)A resampling method SPE-ACGAN is proposed based on ACGAN(Auxiliary Classifier GAN)and SPE(Self-Paced Ensemble).this method resamples the training set during the training process,including synthesizing the data from a few classes of samples using ACGAN and censoring the majority of samples using SPE for culling.The core idea is to synthesize false network traffic data to fit the real network traffic data by the generator G of ACGAN,and the discriminator D continuously optimizes the quality of the network traffic data generated by the generator G and completes the data synthesis;the number of specified majority class samples is reduced by SPE,and the samples are "put into" k boxes according to the hardness value of each sample."k bins",and update the hardness value of each sample after random undersampling in k bins,and finally reduce the number of majority class samples to the specified number after several iterations.Experiments show that resampling on the dataset CICIDS-1718 can moderate the data imbalance problem of this dataset,resulting in a performance improvement of multiple machine learning and deep learning network intrusion detection models.In particular,the network intrusion detection model proposed in this paper achieved 88.63%,87.57% and 88.09% in Precision,Recall and F1-score respectively on the re-sampled CICIDS-1718 dataset by SPE-ACGAN,which were2.77%,1.18% and 0.1% better than those before re-sampling.