Network Intrusion Detection System with Time-Based Sequential Cluster Models using LSTM and GRU

Authors

  • Ravi Vendra Rishika Institut Teknologi Sepuluh Nopember
  • Baskoro Adi Pratomo Institut Teknologi Sepuluh Nopember
  • Shintami Chusnul Hidayati Institut Teknologi Sepuluh Nopember

DOI:

https://doi.org/10.12962/j24068535.v23i1.a1241

Abstract

Technological development and the growth of the internet have had a positive and revolutionary impact on many areas of human life, such as banking, health, and science. Open Data and Open APIs also facilitate the exchange of data and information between entities without the restrictions imposed by regional and geographical boundaries. However, this openness also leaves data vulnerable to theft, viruses, and various other types of cyber attacks. The large-scale data exchange that occurs across the network makes it challenging to detect unusual activity and new cyber attacks. An Intrusion Detection System (IDS) is therefore essential. The IDS helps system administrators detect cyber attacks and network anomalies, thus minimizing the risk of data leaks and intrusions. This research developed a new approach that uses time-based sequential clustered data sets with Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU) models. The IDS model was implemented using the CIC-IDS 2018 data set, which has more than 4 million rows of data. The LSTM and GRU models are used to classify the various attacks in the IDS based on sequential data sets that are ordered by time and clustered according to destination port and protocol, such as TCP and UDP. The model was evaluated using the accuracy, precision, recall, and F1-score metrics, and the results showed that the time-based sequential clustered LSTM and GRU models reach an accuracy of up to 97.21%. This suggests that the approach is good enough to be applied to future IDS models.
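The data preparation and evaluation the abstract describes, as an added sketch that is not the authors' code: flows are clustered by (protocol, destination port), ordered by time within each cluster, and cut into fixed-length windows of the shape a recurrent layer consumes. The window length, the two features, the labelling rule and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flows: (timestamp_s, protocol, dst_port, duration_ms, bytes, label)
FLOWS = [
    (10, "TCP", 22, 900, 1200, "Benign"),
    (11, "UDP", 53, 20, 80, "Benign"),
    (12, "TCP", 22, 15, 300, "BruteForce"),
    (13, "TCP", 22, 14, 310, "BruteForce"),
    (9, "TCP", 22, 850, 1100, "Benign"),  # deliberately out of time order
    (14, "TCP", 22, 16, 305, "BruteForce"),
    (15, "UDP", 53, 22, 90, "Benign"),
]

def build_sequences(flows, window=3):
    """Cluster flows by (protocol, dst_port), order each cluster by time,
    then cut sliding windows that never cross a cluster boundary."""
    clusters = defaultdict(list)
    for ts, proto, port, dur, nbytes, label in flows:
        clusters[(proto, port)].append((ts, [dur, nbytes], label))
    sequences = {}
    for key, rows in clusters.items():
        rows.sort(key=lambda r: r[0])            # time order inside the cluster
        seqs = []
        for i in range(len(rows) - window + 1):  # short clusters yield no window
            win = rows[i:i + window]
            x = [features for _, features, _ in win]
            y = win[-1][2]                       # assumption: label of the newest flow
            seqs.append((x, y))
        sequences[key] = seqs
    return sequences

def metrics(y_true, y_pred, positive):
    """Accuracy, precision, recall and F1 with one class treated as positive."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(t == positive and p == positive for t, p in pairs)
    fp = sum(t != positive and p == positive for t, p in pairs)
    fn = sum(t == positive and p != positive for t, p in pairs)
    acc = sum(t == p for t, p in pairs) / len(pairs)
    prec = tp / (tp + fp) if tp + fp else 0.0
    rec = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * prec * rec / (prec + rec) if prec + rec else 0.0
    return acc, prec, rec, f1
```

Each value in the returned dictionary is a list of (window, label) pairs for one port/protocol cluster; a cluster with fewer flows than the window length contributes no training sequences.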

Author Biographies

  • Ravi Vendra Rishika, Institut Teknologi Sepuluh Nopember
    Department of Informatics, Faculty of Intelligent Electrical and Informatics Technology
  • Baskoro Adi Pratomo, Institut Teknologi Sepuluh Nopember
    Department of Informatics, Faculty of Intelligent Electrical and Informatics Technology
  • Shintami Chusnul Hidayati, Institut Teknologi Sepuluh Nopember
    Department of Informatics, Faculty of Intelligent Electrical and Informatics Technology

Published

2025-02-25

Section

Articles