Next Article in Journal
Edge Even Graceful Labeling of Cylinder Grid Graph
Next Article in Special Issue
Battlefield Target Aggregation Behavior Recognition Model Based on Multi-Scale Feature Fusion
Previous Article in Journal
Analysis of Periodic Structures Made of Pins Inside a Parallel Plate Waveguide
Previous Article in Special Issue
Design of a Symmetry Protocol for the Efficient Operation of IP Cameras in the IoT Environment
Open AccessArticle

A Scalable and Hybrid Intrusion Detection System Based on the Convolutional-LSTM Network

Department of Information and Communication Engineering, Dongguk University, 30-Pildong-ro 1-gil, Jung-gu, Seoul 100-715, Korea
Fraunhofer Institute for Applied Information Technology FIT, 53754 Sankt Augustin, Germany
Chair of Computer Science 5, RWTH Aachen University, 52074 Aachen, Germany
Author to whom correspondence should be addressed.
Symmetry 2019, 11(4), 583;
Received: 29 March 2019 / Revised: 15 April 2019 / Accepted: 17 April 2019 / Published: 22 April 2019
(This article belongs to the Special Issue Symmetry-Adapted Machine Learning for Information Security)
With the rapid advancements of ubiquitous information and communication technologies, a large number of trustworthy online systems and services have been deployed. However, cybersecurity threats are still mounting. An intrusion detection (ID) system can play a significant role in detecting such security threats. Thus, developing an intelligent and accurate ID system is a non-trivial research problem. Existing ID systems that are typically used in traditional network intrusion detection system often fail and cannot detect many known and new security threats, largely because those approaches are based on classical machine learning methods that provide less focus on accurate feature selection and classification. Consequently, many known signatures from the attack traffic remain unidentifiable and become latent. Furthermore, since a massive network infrastructure can produce large-scale data, these approaches often fail to handle them flexibly, hence are not scalable. To address these issues and improve the accuracy and scalability, we propose a scalable and hybrid IDS, which is based on Spark ML and the convolutional-LSTM (Conv-LSTM) network. This IDS is a two-stage ID system: the first stage employs the anomaly detection module, which is based on Spark ML. The second stage acts as a misuse detection module, which is based on the Conv-LSTM network, such that both global and local latent threat signatures can be addressed. Evaluations of several baseline models in the ISCX-UNB dataset show that our hybrid IDS can identify network misuses accurately in 97.29% of cases and outperforms state-of-the-art approaches during 10-fold cross-validation tests. View Full-Text
Keywords: intrusion detection system; deep learning; Spark ML; CNN; LSTM; Conv-LSTM intrusion detection system; deep learning; Spark ML; CNN; LSTM; Conv-LSTM
Show Figures

Graphical abstract

MDPI and ACS Style

Khan, M.A.; Karim, M.R.; Kim, Y. A Scalable and Hybrid Intrusion Detection System Based on the Convolutional-LSTM Network. Symmetry 2019, 11, 583.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

Search more from Scilit
Back to TopTop