Title: High-Performance Intrusion Detection System using Deep Learning in Packet and Flow-Based Networks

Issue Number: Vol. 10, No. 2
Year of Publication: Jun - 2021
Page Numbers: 55-66
Authors: Kaniz Farhana, Maqsudur Rahman, Muhammad Anwarul Azim, Md. Tofael Ahmed
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong


The information revolution, extensive cloud computing, and enormous network traffic have made the security of systems from threats and attack more crucial. Continuous monitoring of the system and network from malicious incidents and vulnerabilities has a great role in the prevention of software and hardware resources. Intrusion Detection System has become a significant aspect of the security of the Internet and intranet where the pattern of data on networks constantly changes with time and new attacks. Many types of researches are concentrating on Deep Learning (DL) methods that provide effective solutions with great accuracy and performance for applying to big data related to security and privacy of network and system automation. In this paper, we investigated the performance of various DL techniques, Deep Neural Network, Convolutional Neural Network, Recurrent Neural Network (RNN), Long Short-Term Memory (LSTM), and Gated Recurrent Unit that is trained, validated, and tested using the CICIDS2017 dataset with some additional metadata that contained various fields including packet and flow-based network traffic. Then we proposed a Hybrid Bidirectional-RNN-LSTM model for multi-class and binary classification in the Keras and TensorFlow DL environments. With the selected important features, the experimental result of our proposed method produced more than 99% accuracy for both binary and multi-class classification which is higher compared to existing researches. Evaluation metrics such as confusion matrix, precision, recall, f1-score, and Receiver Operating Characteristics showed good results. These outcomes adduce that DL techniques have higher effectiveness for detecting intrusion in the packet and flow-based networks.