Abstract
As industrial and everyday devices become increasingly interconnected, the data volume within the Internet of Things (IoT) has experienced a substantial surge. This surge in data presents a heightened risk of IoT environments being vulnerable to cyber attacks, which poses a significant threat to the seamless functioning of both industrial and daily activities. Therefore, the implementation of Network Intrusion Detection System (IDS) is vital for safeguarding the security of IoT network environments. This paper introduces a network intrusion detection model based on deep learning (DL). The model aims to enhance detection accuracy by extracting features from both the spatial and temporal dimensions of network traffic data. To tackle the challenge of low detection accuracy arising from data imbalance, in this study, a Conditional Tabular Generative Adversarial Network (CTGAN) is utilized to generate synthetic data for the minority class. The objective is to enhance the volume of minority class samples, address data imbalance, and subsequently enhance the accuracy of network intrusion detection. The classification performance of the proposed model is validated on UNSW-NB15, CIC-IDS2018, and CIC-IOT2023 datasets. The experimental findings demonstrate that the suggested model attains elevated levels of classification accuracy across all three datasets. The model presented in this article is particularly well suited to handle multi-class intrusion detection tasks. The model demonstrates superior performance compared to other models used for comparison.
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig1_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig2_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig3_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig4_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig5_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig6_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig7_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig8_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig9_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig10_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig11_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig12_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig13_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig14_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig15_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig16_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig17_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig18_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11227-024-06345-w/MediaObjects/11227_2024_6345_Fig19_HTML.png)
Data availability
UNSW-NB15 dataset: The dataset was created by the Network Range Laboratory at the University of New South Wales in Canberra and is available for download from https://research.unsw.edu.au/projects/unsw-nb15-dataset[72]. CSE-CIC-IDS2018 dataset: The dataset is generated by the cooperation between CSE and CIC for network intrusion detection tasks and is available for download from https://www.unb.ca/cic/datasets/ids-2018.html[73]. CIC-IOT2023: The dataset is data collected by CIC from the IoT laboratory it established and is available for download from https://www.unb.ca/cic/datasets/iotdataset-2023.html [74].
References
Zeeshan M, Riaz Q, Bilal MA et al (2022) Protocol-based deep intrusion detection for dos and DDOS attacks using UNSW-nb15 and bot-IoT data-sets. IEEE Access 10:2269–2283. https://doi.org/10.1109/ACCESS.2021.3137201
Lazzarini R, Tianfield H, Charissis V (2023) A stacking ensemble of deep learning models for IoT intrusion detection. Knowl Based Syst 279:110941. https://doi.org/10.1016/j.knosys.2023.110941
Liu Z, Su N, Qin Y et al (2020) A deep random forest model on spark for network intrusion detection. Mobile Inf Syst 1:6633252. https://doi.org/10.1155/2020/6633252
Mohammadpour L, Ling TC, Liew CS et al (2022) A survey of CNN-based network intrusion detection. Appl Sci. https://doi.org/10.3390/app12168162
Mu Q, Chen Y, Zhang Y (2012) Incremental svm algorithm to intrusion detection base on boundary areas. In: 2012 International Conference on Systems and Informatics (ICSAI2012), pp 198–201, https://doi.org/10.1109/ICSAI.2012.6223447
Aburomman AA, Ibne Reaz MB (2017) A novel weighted support vector machines multiclass classifier based on differential evolution for intrusion detection systems. Inf Sci 414:225–246. https://doi.org/10.1016/j.ins.2017.06.007
Song G, Guo J, Nie Y (2011) An intrusion detection method based on multiple kernel support vector machine. In: 2011 International Conference on Network Computing and Information Security, pp 119–123, https://doi.org/10.1109/NCIS.2011.123
Kuang F, Xu W, Zhang S (2014) A novel hybrid KPCA and SVM with GA model for intrusion detection. Appl Soft Comput 18:178–184. https://doi.org/10.1016/j.asoc.2014.01.028
Saleh AI, Talaat FM, Labib LM (2019) A hybrid intrusion detection system (HIDS) based on prioritized k-nearest neighbors and optimized SVM classifiers. Artif Intell Rev 51:403–443. https://doi.org/10.1007/s10462-017-9567-1
Sahu S, Mehtre BM (2015) Network intrusion detection system using j48 decision tree. In: 2015 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp 2023–2026, https://doi.org/10.1109/ICACCI.2015.7275914
Ferrag MA, Maglaras L, Ahmim A et al (2020) RDTIDS: rules and decision tree-based intrusion detection system for internet-of-things networks. Future Internet. https://doi.org/10.3390/fi12030044
Louk MHL, Tama BA (2023) Dual-ids: a bagging-based gradient boosting decision tree model for network anomaly intrusion detection system. Expert Syst Appl 213:119030. https://doi.org/10.1016/j.eswa.2022.119030
Douiba M, Benkirane S, Guezzaz A et al (2023) An improved anomaly detection model for IoT security using decision tree and gradient boosting. J Supercomput 79(3):3392–3411. https://doi.org/10.1007/s11227-022-04783-y
Farnaaz N, Jabbar M (2016) Random forest modeling for network intrusion detection system. Procedia Computer Science 89:213–217. https://doi.org/10.1016/j.procs.2016.06.047, twelfth International Conference on Communication Networks, ICCN 2016, August 19- 21, 2016, Bangalore, India Twelfth International Conference on Data Mining and Warehousing, ICDMW 2016, August 19-21, 2016, Bangalore, India Twelfth International Conference on Image and Signal Processing, ICISP 2016, August 19-21, 2016, Bangalore, India
Zhang J, Zulkernine M, Haque A (2008) Random-forests-based network intrusion detection systems. IEEE Trans Syst Man Cybern Part C (Appl Rev) 38(5):649–659. https://doi.org/10.1109/TSMCC.2008.923876
Yin Y, Jang-Jaccard J, Xu W et al (2023) IGRF-RFE: a hybrid feature selection method for MLP-based network intrusion detection on UNSW-nb15 dataset. J Big Data 10(1):1–26. https://doi.org/10.1186/s40537-023-00694-8
Panda M, Patra MR (2007) Network intrusion detection using Naive Bayes. Int J Comput Sci Netw Secur 7(12):258–263
Alhakami W, Al-harbi A, Bourouis S et al (2019) Network anomaly intrusion detection using a nonparametric Bayesian approach and feature selection. IEEE Access 7:52181–52190. https://doi.org/10.1109/ACCESS.2019.2912115
Mukherjee S, Sharma N (2012) Intrusion detection using Naive Bayes classifier with feature reduction. Proc Technol 4:119–128. https://doi.org/10.1016/j.protcy.2012.05.017
Wisanwanichthan T, Thammawichai M (2021) A double-layered hybrid approach for network intrusion detection system using combined Naive Bayes and SVM. IEEE Access 9:138432–138450. https://doi.org/10.1109/ACCESS.2021.3118573
Liang W, Li KC, Long J et al (2020) An industrial network intrusion detection algorithm based on multifeature data clustering optimization model. IEEE Trans Ind Inf 16(3):2063–2071. https://doi.org/10.1109/TII.2019.2946791
Verma P, Anwar S, Khan S, et al (2018) Network intrusion detection using clustering and gradient boosting. In: 2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp 1–7, https://doi.org/10.1109/ICCCNT.2018.8494186
Yang Y, Zheng K, Wu C et al (2019) Building an effective intrusion detection system using the modified density peak clustering algorithm and deep belief networks. Appl Sci. https://doi.org/10.3390/app9020238
Tan L, Li C, **a J, Cao J (2019) Application of self-organizing feature map neural network based on k-means clustering in network intrusion detection. Comput Mater Contin. https://doi.org/10.32604/cmc.2019.03735
Esmaily J, Moradinezhad R, Ghasemi J (2015) Intrusion detection system based on multi-layer perceptron neural networks and decision tree. In: 2015 7th Conference on Information and Knowledge Technology (IKT), pp 1–5, https://doi.org/10.1109/IKT.2015.7288736
Hodo E, Bellekens X, Hamilton A, et al (2016) Threat analysis of IoT networks using artificial neural network intrusion detection system. In: 2016 International Symposium on Networks, Computers and Communications (ISNCC), pp 1–6, https://doi.org/10.1109/ISNCC.2016.7746067
Sheikhan M, Jadidi Z, Farrokhi A (2012) Intrusion detection using reduced-size RNN based on feature grou**. Neural Comput Appl 21:1185–1190. https://doi.org/10.1007/s00521-010-0487-0
Yin C, Zhu Y, Fei J et al (2017) A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5:21954–21961. https://doi.org/10.1109/ACCESS.2017.2762418
Almiani M, AbuGhazleh A, Al-Rahayfeh A et al (2020) Deep recurrent neural network for IoT intrusion detection system. Simul Modell Pract Theory 101:102031. https://doi.org/10.1016/j.simpat.2019.102031
Kim J, Kim J, Thi Thu HL, et al (2016) Long short term memory recurrent neural network classifier for intrusion detection. In: 2016 International Conference on Platform Technology and Service (PlatCon), pp 1–5, https://doi.org/10.1109/PlatCon.2016.7456805
Althubiti SA, Jones EM, Roy K (2018) LSTM for anomaly-based network intrusion detection. In: 2018 28th International Telecommunication Networks and Applications Conference (ITNAC), pp 1–3, https://doi.org/10.1109/ATNAC.2018.8615300
Laghrissi F, Douzi S, Douzi K et al (2021) Intrusion detection systems using long short-term memory (LSTM). J Big Data 8(1):65. https://doi.org/10.1007/s00521-010-0487-0
Sivamohan S, Sridhar S, Krishnaveni S (2021) An effective recurrent neural network (RNN) based intrusion detection via bi-directional long short-term memory. In: 2021 International Conference on Intelligent Technologies (CONIT), pp 1–5, https://doi.org/10.1109/CONIT51480.2021.9498552
Imrana Y, **ang Y, Ali L et al (2021) A bidirectional LSTM deep learning approach for intrusion detection. Expert Syst Appl 185:115524. https://doi.org/10.1016/j.eswa.2021.115524
Putchala MK (2017) Deep learning approach for intrusion detection system (ids) in the internet of things (iot) network using gated recurrent neural networks (GRU) http://rave.ohiolink.edu/etdc/view?acc_num=wright1503680452498351
Agarap AFM (2018) A neural network architecture combining gated recurrent unit (gru) and support vector machine (svm) for intrusion detection in network traffic data. In: Proceedings of the 2018 10th International Conference on Machine Learning and Computing. Association for Computing Machinery, New York, NY, USA, ICMLC ’18, p 26-30, https://doi.org/10.1145/3195106.3195117,
Kurochkin II, Volkov SS (2020) Using GRU based deep neural network for intrusion detection in software-defined networks. IOP Conf Ser Mater Sci Eng 927(1):012035. https://doi.org/10.1088/1757-899X/927/1/012035
Ansari MS, Bartoš V, Lee B (2022) Gru-based deep learning approach for network intrusion alert prediction. Future Gener Comput Syst 128:235–247. https://doi.org/10.1016/j.future.2021.09.040
Mohammadpour L, Ling T, Liew C et al (2020) A mean convolutional layer for intrusion detection system. Secur Commun Netw 1:8891185. https://doi.org/10.1155/2020/8891185
Liu G, Zhang J (2020) CNID: research of network intrusion detection based on convolutional neural network. Discrete Dyn Nat Soc 1:4705982. https://doi.org/10.1155/2020/4705982
Kim J, Kim J, Kim H et al (2020) CNN-based network intrusion detection against denial-of-service attacks. Electronics. https://doi.org/10.3390/electronics9060916
Jo W, Kim S, Lee C et al (2020) Packet preprocessing in cnn-based network intrusion detection system. Electronics. https://doi.org/10.3390/electronics9071151
Al-Turaiki I, Altwaijry N (2021) A convolutional neural network for improved anomaly-based network intrusion detection. Big Data 9(3):233–252. https://doi.org/10.1089/big.2020.0263
Lam NT (2021) Detecting unauthorized network intrusion based on network traffic using behavior analysis techniques. Int J Adv Comput Sci Appl. https://doi.org/10.14569/IJACSA.2021.0120407
Yang H, Wang F (2019) Wireless network intrusion detection based on improved convolutional neural network. IEEE Access 7:64366–64374. https://doi.org/10.1109/ACCESS.2019.2917299
Khan RU, Zhang X, Alazab M, et al (2019) An improved convolutional neural network model for intrusion detection in networks. In: 2019 Cybersecurity and Cyberforensics Conference (CCC), pp 74–77, https://doi.org/10.1109/CCC.2019.000-6
Aljumah A (2021) IoT-based intrusion detection system using convolution neural networks. PeerJ Comput Sci 7:e721. https://doi.org/10.7717/peerj-cs.721
Akhtar MS, Feng T (2021) Deep learning-based framework for the detection of cyberattack using feature engineering. Secur Commun Netw 1:6129210. https://doi.org/10.1155/2021/6129210
Gamal M, Abbas H, Moustafa N et al (2021) Few-shot learning for discovering anomalous behaviors in edge networks. Comput Mater Contin 69:1823–1837. https://doi.org/10.32604/cmc.2021.012877
Yang L, Shami A (2022) A transfer learning and optimized cnn based intrusion detection system for internet of vehicles. In: ICC 2022 - IEEE International Conference on Communications, pp 2774–2779, https://doi.org/10.1109/ICC45855.2022.9838780
Zhang S, Du C (2020) Semi-supervised deep learning based network intrusion detection. In: 2020 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), pp 35–40, https://doi.org/10.1109/CyberC49757.2020.00016
Dey A (2020) Deep ids : A deep learning approach for intrusion detection based on ids 2018. In: 2020 2nd International Conference on Sustainable Technologies for Industry 4.0 (STI), pp 1–5, https://doi.org/10.1109/STI50764.2020.9350411
Kim A, Park M, Lee DH (2020) Ai-ids: Application of deep learning to real-time web intrusion detection. IEEE Access 8:70245–70261. https://doi.org/10.1109/ACCESS.2020.2986882
Cao B, Li C, Song Y et al (2022) Network intrusion detection model based on CNN and GRU. Appl Sci. https://doi.org/10.3390/app12094184
Zhao G, Ren C, Wang J, et al (2023) Iot intrusion detection model based on gated recurrent unit and residual network. Peer-to-Peer Networking and Applications, pp 1–13. https://doi.org/10.1007/s12083-023-01510-z
Gao J (2022) Network intrusion detection method combining CNN and BILSTM in cloud computing environment. Comput Intell Neurosci 2022(1):7272479. https://doi.org/10.1155/2022/7272479
Zhang H, Wu C, Zhang Z, et al (2022) Resnest: Split-attention networks. In: 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW), pp 2735–2745, https://doi.org/10.1109/CVPRW56347.2022.00309
Oquab M, Bottou L, Laptev I, et al (2014) Learning and transferring mid-level image representations using convolutional neural networks. In: 2014 IEEE Conference on Computer Vision and Pattern Recognition, pp 1717–1724, https://doi.org/10.1109/CVPR.2014.222
Lin WC, Tsai CF, Hu YH et al (2017) Clustering-based undersampling in class-imbalanced data. Inf Sci 409–410:17–26. https://doi.org/10.1016/j.ins.2017.05.008
Chawla NV, Bowyer KW, Hall LO et al (2002) Smote: synthetic minority over-sampling technique. J Artif Intell Res 16:321–357. https://doi.org/10.1613/jair.953
Han H, Wang WY, Mao BH (2005) Borderline-smote: a new over-sampling method in imbalanced data sets learning. In: Huang DS, Zhang XP, Huang GB (eds) Advances in Intelligent Computing. Springer, Berlin Heidelberg, pp 878–887, https://doi.org/10.1007/11538059_91
He H, Bai Y, Garcia EA, et al (2008) Adasyn: Adaptive synthetic sampling approach for imbalanced learning. In: 2008 IEEE International Joint Conference on Neural Networks (IEEE World Congress on Computational Intelligence), pp 1322–1328,https://doi.org/10.1109/IJCNN.2008.4633969
Zong W, Huang GB, Chen Y (2013) Weighted extreme learning machine for imbalance learning. Neurocomputing 101:229–242. https://doi.org/10.1016/j.neucom.2012.08.010
Yinshan J, Yumei W (2006) A new dual \(\nu\)-support vector machine. In: King I, Wang J, Chan LW, et al (eds) Neural Information Processing. Springer, Berlin, Heidelberg, pp 819–826, https://doi.org/10.1007/11893028_91
Yu H, Mu C, Sun C et al (2015) Support vector machine-based optimized decision threshold adjustment strategy for classifying imbalanced data. Knowl-Based Syst 76:67–78. https://doi.org/10.1016/j.knosys.2014.12.007
Lee J, Park K (2021) Gan-based imbalanced data intrusion detection system. Pers Ubiquit Comput 25:121–128. https://doi.org/10.1007/s00779-019-01332-y
Douzas G, Bacao F (2018) Effective data generation for imbalanced learning using conditional generative adversarial networks. Expert Syst Appl 91:464–471. https://doi.org/10.1016/j.eswa.2017.09.030
Xu L, Veeramachaneni K (2018) Synthesizing tabular data using generative adversarial networks. CoRR ar**v:abs/1811.11264
Habibi O, Chemmakha M, Lazaar M (2023) Imbalanced tabular data modelization using CTGAN and machine learning to improve IoT botnet attacks detection. Eng Appl Artif Intell 118:105669. https://doi.org/10.1016/j.engappai.2022.105669
Chung J, Gülçehre Ç, Cho K, et al (2014) Empirical evaluation of gated recurrent neural networks on sequence modeling. CoRR ar**v:abs/1412.3555
Xu L, Skoularidou M, Cuesta-Infante A, et al (2019) Modeling tabular data using conditional gan. In: Wallach H, Larochelle H, Beygelzimer A, et al (eds) Advances in Neural Information Processing Systems, vol 32. Curran Associates, Inc., https://proceedings.neurips.cc/paper_files/paper/2019/file/254ed7d2de3b23ab10936522dd547b78-Paper.pdf
Moustafa N, Slay J (2015) Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set). In: 2015 Military Communications and Information Systems Conference (MilCIS), pp 1–6, https://doi.org/10.1109/MilCIS.2015.7348942
Sharafaldin. I, Habibi Lashkari. A, Ghorbani. AA (2018) Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy - ICISSP, INSTICC. SciTePress, pp 108–116, https://doi.org/10.5220/0006639801080116
Neto ECP, Dadkhah S, Ferreira R et al (2023) CICIOT 2023: a real-time dataset and benchmark for large-scale attacks in IoT environment. Sensors. https://doi.org/10.3390/s23135941
Funding
The research leading to these results received funding from [National Natural Science Foundation of China] under Grant Agreement No. [61601264] and [Shandong Province Statistical Research Project] under Grant Agreement No. [KT23079].
Author information
Authors and Affiliations
Contributions
**ao Wang helped in method, investigation, experiment, writing—original manuscript. LiE Dai contributed to data recording and sorting. Guang Yang was involved in project management, technical guidance, funding acquisition, writing review, and supervision
Corresponding author
Ethics declarations
Conflict of interest
The authors have no conflict of interest to declare that are relevant to the content of this article.
Ethics approval
Not applicable.
Consent to participate
Not applicable.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Wang, X., Dai, L. & Yang, G. A network intrusion detection system based on deep learning in the IoT. J Supercomput (2024). https://doi.org/10.1007/s11227-024-06345-w
Accepted:
Published:
DOI: https://doi.org/10.1007/s11227-024-06345-w