
An Intrusion Detection System Based on a Simplified Residual Network

by Yuelei Xiao 1,2,* and Xing Xiao 1
1 Institute of IOT and IT-based Industrialization, Xi’an University of Post and Telecommunications, Xi’an 710061, China
2 Shaanxi Provincial Information Engineering Research Institute, Xi’an 710075, China
* Author to whom correspondence should be addressed.
Information 2019, 10(11), 356; https://doi.org/10.3390/info10110356
Received: 21 October 2019 / Revised: 12 November 2019 / Accepted: 14 November 2019 / Published: 18 November 2019
(This article belongs to the Section Artificial Intelligence)
Residual networks (ResNets) are prone to over-fitting on low-dimensional and small-scale datasets, and existing intrusion detection systems (IDSs) fail to provide good performance, especially for remote-to-local (R2L) and user-to-root (U2R) attacks. To overcome these problems, this paper proposes a simplified residual network (S-ResNet), which consists of several cascaded simplified residual blocks. Compared with the original residual block, the simplified residual block deletes a weight layer and two batch normalization (BN) layers, adds a pooling layer, and replaces the rectified linear unit (ReLU) function with the parametric rectified linear unit (PReLU) function. Based on the S-ResNet, a novel IDS is proposed, which includes a data preprocessing module, a random oversampling module, an S-ResNet layer, a full connection layer and a Softmax layer. The experimental results on the NSL-KDD dataset show that the IDS based on the S-ResNet has higher accuracy, recall and F1-score than the equal-scale ResNet-based IDS, especially for R2L and U2R attacks, and that the former converges faster than the latter. This proves that the S-ResNet reduces the complexity of the network and effectively prevents over-fitting; thus, it is more suitable for low-dimensional and small-scale datasets than ResNet. Furthermore, the experimental results on the NSL-KDD dataset also show that the IDS based on the S-ResNet achieves better accuracy and recall than the existing IDSs, especially for R2L and U2R attacks.
Keywords: intrusion detection system; simplified residual network; simplified residual block; random oversampling; full connection; over-fitting
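The random oversampling step and the emphasis on recall for R2L and U2R can be illustrated with the sketch below, an added example that is not the authors' code. It assumes the five usual NSL-KDD classes, constructed class counts, and balancing every class up to the majority count, none of which the abstract specifies.

```python
import random
from collections import Counter

# Constructed class counts that mimic the imbalance described above
# (illustrative only, not the real NSL-KDD figures).
COUNTS = {"normal": 600, "dos": 300, "probe": 80, "r2l": 15, "u2r": 5}

def make_dataset():
    """Build (row, label) lists; each row stands in for a preprocessed record."""
    rows = [(label, i) for label, n in COUNTS.items() for i in range(n)]
    return rows, [label for label, _ in rows]

def random_oversample(rows, labels, seed=0):
    """Resample minority classes with replacement up to the majority count.

    Assumption: balance to the largest class. Apply to the training split
    only, so duplicated records never leak into the test set.
    """
    rng = random.Random(seed)
    by_class = {}
    for row, label in zip(rows, labels):
        by_class.setdefault(label, []).append(row)
    target = max(len(members) for members in by_class.values())
    pairs = []
    for label, members in by_class.items():
        extra = [rng.choice(members) for _ in range(target - len(members))]
        pairs.extend((row, label) for row in members + extra)
    rng.shuffle(pairs)  # avoid class-ordered mini-batches
    return [r for r, _ in pairs], [l for _, l in pairs]

def accuracy(y_true, y_pred):
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)

def per_class_recall(y_true, y_pred):
    """Recall per class: correctly detected records / records of that class."""
    totals, hits = Counter(y_true), Counter()
    for t, p in zip(y_true, y_pred):
        if t == p:
            hits[t] += 1
    return {label: hits[label] / totals[label] for label in totals}

if __name__ == "__main__":
    rows, labels = make_dataset()
    _, balanced = random_oversample(rows, labels)
    print("before:", Counter(labels))
    print("after: ", Counter(balanced))
    # A model that always answers "normal" looks fine on accuracy alone.
    always_normal = ["normal"] * len(labels)
    print("accuracy:", accuracy(labels, always_normal))
    print("recall:  ", per_class_recall(labels, always_normal))
```

The always-"normal" baseline shows why accuracy alone is a poor yardstick for an IDS on imbalanced traffic: it scores well overall while detecting no R2L or U2R record at all.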

MDPI and ACS Style

Xiao, Y.; Xiao, X. An Intrusion Detection System Based on a Simplified Residual Network. Information 2019, 10, 356.
