Open Access Article

A Scalable and Hybrid Intrusion Detection System Based on the Convolutional-LSTM Network

1 Department of Information and Communication Engineering, Dongguk University, 30-Pildong-ro 1-gil, Jung-gu, Seoul 100-715, Korea
2 Fraunhofer Institute for Applied Information Technology FIT, 53754 Sankt Augustin, Germany
3 Chair of Computer Science 5, RWTH Aachen University, 52074 Aachen, Germany
* Author to whom correspondence should be addressed.
Symmetry 2019, 11(4), 583; https://doi.org/10.3390/sym11040583
Received: 29 March 2019 / Revised: 15 April 2019 / Accepted: 17 April 2019 / Published: 22 April 2019
(This article belongs to the Special Issue Symmetry-Adapted Machine Learning for Information Security)

Abstract

With the rapid advancement of ubiquitous information and communication technologies, a large number of trustworthy online systems and services have been deployed. However, cybersecurity threats are still mounting. An intrusion detection (ID) system can play a significant role in detecting such security threats. Thus, developing an intelligent and accurate ID system is a non-trivial research problem. Existing ID systems that are typically used in traditional network intrusion detection often fail to detect many known and new security threats, largely because those approaches are based on classical machine learning methods that place less focus on accurate feature selection and classification. Consequently, many known signatures from the attack traffic remain unidentifiable and become latent. Furthermore, since a massive network infrastructure can produce large-scale data, these approaches often fail to handle it flexibly and hence are not scalable. To address these issues and improve accuracy and scalability, we propose a scalable and hybrid IDS, which is based on Spark ML and the convolutional-LSTM (Conv-LSTM) network. This IDS is a two-stage ID system: the first stage employs the anomaly detection module, which is based on Spark ML. The second stage acts as a misuse detection module, which is based on the Conv-LSTM network, such that both global and local latent threat signatures can be addressed. Evaluations of several baseline models on the ISCX-UNB dataset show that our hybrid IDS can identify network misuses accurately in 97.29% of cases and outperforms state-of-the-art approaches during 10-fold cross-validation tests.
Keywords: intrusion detection system; deep learning; Spark ML; CNN; LSTM; Conv-LSTM
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).

MDPI and ACS Style

Khan, M.A.; Karim, M.R.; Kim, Y. A Scalable and Hybrid Intrusion Detection System Based on the Convolutional-LSTM Network. Symmetry 2019, 11, 583.


Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers.

Symmetry EISSN 2073-8994 Published by MDPI AG, Basel, Switzerland