SpringerLink
Log in

A network intrusion detection system based on deep learning in the IoT

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

As industrial and everyday devices become increasingly interconnected, the data volume within the Internet of Things (IoT) has experienced a substantial surge. This surge in data presents a heightened risk of IoT environments being vulnerable to cyber attacks, which poses a significant threat to the seamless functioning of both industrial and daily activities. Therefore, the implementation of Network Intrusion Detection System (IDS) is vital for safeguarding the security of IoT network environments. This paper introduces a network intrusion detection model based on deep learning (DL). The model aims to enhance detection accuracy by extracting features from both the spatial and temporal dimensions of network traffic data. To tackle the challenge of low detection accuracy arising from data imbalance, in this study, a Conditional Tabular Generative Adversarial Network (CTGAN) is utilized to generate synthetic data for the minority class. The objective is to enhance the volume of minority class samples, address data imbalance, and subsequently enhance the accuracy of network intrusion detection. The classification performance of the proposed model is validated on UNSW-NB15, CIC-IDS2018, and CIC-IOT2023 datasets. The experimental findings demonstrate that the suggested model attains elevated levels of classification accuracy across all three datasets. The model presented in this article is particularly well suited to handle multi-class intrusion detection tasks. The model demonstrates superior performance compared to other models used for comparison.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19

Data availability

UNSW-NB15 dataset: The dataset was created by the Network Range Laboratory at the University of New South Wales in Canberra and is available for download from https://research.unsw.edu.au/projects/unsw-nb15-dataset[72]. CSE-CIC-IDS2018 dataset: The dataset is generated by the cooperation between CSE and CIC for network intrusion detection tasks and is available for download from https://www.unb.ca/cic/datasets/ids-2018.html[73]. CIC-IOT2023: The dataset is data collected by CIC from the IoT laboratory it established and is available for download from https://www.unb.ca/cic/datasets/iotdataset-2023.html [74].

References

  1. Zeeshan M, Riaz Q, Bilal MA et al (2022) Protocol-based deep intrusion detection for dos and DDOS attacks using UNSW-nb15 and bot-IoT data-sets. IEEE Access 10:2269–2283. https://doi.org/10.1109/ACCESS.2021.3137201

    Article  Google Scholar 

  2. Lazzarini R, Tianfield H, Charissis V (2023) A stacking ensemble of deep learning models for IoT intrusion detection. Knowl Based Syst 279:110941. https://doi.org/10.1016/j.knosys.2023.110941

    Article  Google Scholar 

  3. Liu Z, Su N, Qin Y et al (2020) A deep random forest model on spark for network intrusion detection. Mobile Inf Syst 1:6633252. https://doi.org/10.1155/2020/6633252

    Article  Google Scholar 

  4. Mohammadpour L, Ling TC, Liew CS et al (2022) A survey of CNN-based network intrusion detection. Appl Sci. https://doi.org/10.3390/app12168162

    Article  Google Scholar 

  5. Mu Q, Chen Y, Zhang Y (2012) Incremental svm algorithm to intrusion detection base on boundary areas. In: 2012 International Conference on Systems and Informatics (ICSAI2012), pp 198–201, https://doi.org/10.1109/ICSAI.2012.6223447

  6. Aburomman AA, Ibne Reaz MB (2017) A novel weighted support vector machines multiclass classifier based on differential evolution for intrusion detection systems. Inf Sci 414:225–246. https://doi.org/10.1016/j.ins.2017.06.007

    Article  Google Scholar 

  7. Song G, Guo J, Nie Y (2011) An intrusion detection method based on multiple kernel support vector machine. In: 2011 International Conference on Network Computing and Information Security, pp 119–123, https://doi.org/10.1109/NCIS.2011.123

  8. Kuang F, Xu W, Zhang S (2014) A novel hybrid KPCA and SVM with GA model for intrusion detection. Appl Soft Comput 18:178–184. https://doi.org/10.1016/j.asoc.2014.01.028

    Article  Google Scholar 

  9. Saleh AI, Talaat FM, Labib LM (2019) A hybrid intrusion detection system (HIDS) based on prioritized k-nearest neighbors and optimized SVM classifiers. Artif Intell Rev 51:403–443. https://doi.org/10.1007/s10462-017-9567-1

    Article  Google Scholar 

  10. Sahu S, Mehtre BM (2015) Network intrusion detection system using j48 decision tree. In: 2015 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp 2023–2026, https://doi.org/10.1109/ICACCI.2015.7275914

  11. Ferrag MA, Maglaras L, Ahmim A et al (2020) RDTIDS: rules and decision tree-based intrusion detection system for internet-of-things networks. Future Internet. https://doi.org/10.3390/fi12030044

    Article  Google Scholar 

  12. Louk MHL, Tama BA (2023) Dual-ids: a bagging-based gradient boosting decision tree model for network anomaly intrusion detection system. Expert Syst Appl 213:119030. https://doi.org/10.1016/j.eswa.2022.119030

    Article  Google Scholar 

  13. Douiba M, Benkirane S, Guezzaz A et al (2023) An improved anomaly detection model for IoT security using decision tree and gradient boosting. J Supercomput 79(3):3392–3411. https://doi.org/10.1007/s11227-022-04783-y

    Article  Google Scholar 

  14. Farnaaz N, Jabbar M (2016) Random forest modeling for network intrusion detection system. Procedia Computer Science 89:213–217. https://doi.org/10.1016/j.procs.2016.06.047, twelfth International Conference on Communication Networks, ICCN 2016, August 19- 21, 2016, Bangalore, India Twelfth International Conference on Data Mining and Warehousing, ICDMW 2016, August 19-21, 2016, Bangalore, India Twelfth International Conference on Image and Signal Processing, ICISP 2016, August 19-21, 2016, Bangalore, India

  15. Zhang J, Zulkernine M, Haque A (2008) Random-forests-based network intrusion detection systems. IEEE Trans Syst Man Cybern Part C (Appl Rev) 38(5):649–659. https://doi.org/10.1109/TSMCC.2008.923876

    Article  Google Scholar 

  16. Yin Y, Jang-Jaccard J, Xu W et al (2023) IGRF-RFE: a hybrid feature selection method for MLP-based network intrusion detection on UNSW-nb15 dataset. J Big Data 10(1):1–26. https://doi.org/10.1186/s40537-023-00694-8

    Article  Google Scholar 

  17. Panda M, Patra MR (2007) Network intrusion detection using Naive Bayes. Int J Comput Sci Netw Secur 7(12):258–263

    Google Scholar 

  18. Alhakami W, Al-harbi A, Bourouis S et al (2019) Network anomaly intrusion detection using a nonparametric Bayesian approach and feature selection. IEEE Access 7:52181–52190. https://doi.org/10.1109/ACCESS.2019.2912115

    Article  Google Scholar 

  19. Mukherjee S, Sharma N (2012) Intrusion detection using Naive Bayes classifier with feature reduction. Proc Technol 4:119–128. https://doi.org/10.1016/j.protcy.2012.05.017

    Article  Google Scholar 

  20. Wisanwanichthan T, Thammawichai M (2021) A double-layered hybrid approach for network intrusion detection system using combined Naive Bayes and SVM. IEEE Access 9:138432–138450. https://doi.org/10.1109/ACCESS.2021.3118573

    Article  Google Scholar 

  21. Liang W, Li KC, Long J et al (2020) An industrial network intrusion detection algorithm based on multifeature data clustering optimization model. IEEE Trans Ind Inf 16(3):2063–2071. https://doi.org/10.1109/TII.2019.2946791

    Article  Google Scholar 

  22. Verma P, Anwar S, Khan S, et al (2018) Network intrusion detection using clustering and gradient boosting. In: 2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp 1–7, https://doi.org/10.1109/ICCCNT.2018.8494186

  23. Yang Y, Zheng K, Wu C et al (2019) Building an effective intrusion detection system using the modified density peak clustering algorithm and deep belief networks. Appl Sci. https://doi.org/10.3390/app9020238

    Article  Google Scholar 

  24. Tan L, Li C, **a J, Cao J (2019) Application of self-organizing feature map neural network based on k-means clustering in network intrusion detection. Comput Mater Contin. https://doi.org/10.32604/cmc.2019.03735

    Article  Google Scholar 

  25. Esmaily J, Moradinezhad R, Ghasemi J (2015) Intrusion detection system based on multi-layer perceptron neural networks and decision tree. In: 2015 7th Conference on Information and Knowledge Technology (IKT), pp 1–5, https://doi.org/10.1109/IKT.2015.7288736

  26. Hodo E, Bellekens X, Hamilton A, et al (2016) Threat analysis of IoT networks using artificial neural network intrusion detection system. In: 2016 International Symposium on Networks, Computers and Communications (ISNCC), pp 1–6, https://doi.org/10.1109/ISNCC.2016.7746067

  27. Sheikhan M, Jadidi Z, Farrokhi A (2012) Intrusion detection using reduced-size RNN based on feature grou**. Neural Comput Appl 21:1185–1190. https://doi.org/10.1007/s00521-010-0487-0

    Article  Google Scholar 

  28. Yin C, Zhu Y, Fei J et al (2017) A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5:21954–21961. https://doi.org/10.1109/ACCESS.2017.2762418

    Article  Google Scholar 

  29. Almiani M, AbuGhazleh A, Al-Rahayfeh A et al (2020) Deep recurrent neural network for IoT intrusion detection system. Simul Modell Pract Theory 101:102031. https://doi.org/10.1016/j.simpat.2019.102031

    Article  Google Scholar 

  30. Kim J, Kim J, Thi Thu HL, et al (2016) Long short term memory recurrent neural network classifier for intrusion detection. In: 2016 International Conference on Platform Technology and Service (PlatCon), pp 1–5, https://doi.org/10.1109/PlatCon.2016.7456805

  31. Althubiti SA, Jones EM, Roy K (2018) LSTM for anomaly-based network intrusion detection. In: 2018 28th International Telecommunication Networks and Applications Conference (ITNAC), pp 1–3, https://doi.org/10.1109/ATNAC.2018.8615300

  32. Laghrissi F, Douzi S, Douzi K et al (2021) Intrusion detection systems using long short-term memory (LSTM). J Big Data 8(1):65. https://doi.org/10.1007/s00521-010-0487-0

    Article  Google Scholar 

  33. Sivamohan S, Sridhar S, Krishnaveni S (2021) An effective recurrent neural network (RNN) based intrusion detection via bi-directional long short-term memory. In: 2021 International Conference on Intelligent Technologies (CONIT), pp 1–5, https://doi.org/10.1109/CONIT51480.2021.9498552

  34. Imrana Y, **ang Y, Ali L et al (2021) A bidirectional LSTM deep learning approach for intrusion detection. Expert Syst Appl 185:115524. https://doi.org/10.1016/j.eswa.2021.115524

    Article  Google Scholar 

  35. Putchala MK (2017) Deep learning approach for intrusion detection system (ids) in the internet of things (iot) network using gated recurrent neural networks (GRU) http://rave.ohiolink.edu/etdc/view?acc_num=wright1503680452498351

  36. Agarap AFM (2018) A neural network architecture combining gated recurrent unit (gru) and support vector machine (svm) for intrusion detection in network traffic data. In: Proceedings of the 2018 10th International Conference on Machine Learning and Computing. Association for Computing Machinery, New York, NY, USA, ICMLC ’18, p 26-30, https://doi.org/10.1145/3195106.3195117,

  37. Kurochkin II, Volkov SS (2020) Using GRU based deep neural network for intrusion detection in software-defined networks. IOP Conf Ser Mater Sci Eng 927(1):012035. https://doi.org/10.1088/1757-899X/927/1/012035

    Article  Google Scholar 

  38. Ansari MS, Bartoš V, Lee B (2022) Gru-based deep learning approach for network intrusion alert prediction. Future Gener Comput Syst 128:235–247. https://doi.org/10.1016/j.future.2021.09.040

    Article  Google Scholar 

  39. Mohammadpour L, Ling T, Liew C et al (2020) A mean convolutional layer for intrusion detection system. Secur Commun Netw 1:8891185. https://doi.org/10.1155/2020/8891185

    Article  Google Scholar 

  40. Liu G, Zhang J (2020) CNID: research of network intrusion detection based on convolutional neural network. Discrete Dyn Nat Soc 1:4705982. https://doi.org/10.1155/2020/4705982

    Article  Google Scholar 

  41. Kim J, Kim J, Kim H et al (2020) CNN-based network intrusion detection against denial-of-service attacks. Electronics. https://doi.org/10.3390/electronics9060916

    Article  Google Scholar 

  42. Jo W, Kim S, Lee C et al (2020) Packet preprocessing in cnn-based network intrusion detection system. Electronics. https://doi.org/10.3390/electronics9071151

    Article  Google Scholar 

  43. Al-Turaiki I, Altwaijry N (2021) A convolutional neural network for improved anomaly-based network intrusion detection. Big Data 9(3):233–252. https://doi.org/10.1089/big.2020.0263

    Article  Google Scholar 

  44. Lam NT (2021) Detecting unauthorized network intrusion based on network traffic using behavior analysis techniques. Int J Adv Comput Sci Appl. https://doi.org/10.14569/IJACSA.2021.0120407

    Article  Google Scholar 

  45. Yang H, Wang F (2019) Wireless network intrusion detection based on improved convolutional neural network. IEEE Access 7:64366–64374. https://doi.org/10.1109/ACCESS.2019.2917299

    Article  Google Scholar 

  46. Khan RU, Zhang X, Alazab M, et al (2019) An improved convolutional neural network model for intrusion detection in networks. In: 2019 Cybersecurity and Cyberforensics Conference (CCC), pp 74–77, https://doi.org/10.1109/CCC.2019.000-6

  47. Aljumah A (2021) IoT-based intrusion detection system using convolution neural networks. PeerJ Comput Sci 7:e721. https://doi.org/10.7717/peerj-cs.721

    Article  Google Scholar 

  48. Akhtar MS, Feng T (2021) Deep learning-based framework for the detection of cyberattack using feature engineering. Secur Commun Netw 1:6129210. https://doi.org/10.1155/2021/6129210

    Article  Google Scholar 

  49. Gamal M, Abbas H, Moustafa N et al (2021) Few-shot learning for discovering anomalous behaviors in edge networks. Comput Mater Contin 69:1823–1837. https://doi.org/10.32604/cmc.2021.012877

    Article  Google Scholar 

  50. Yang L, Shami A (2022) A transfer learning and optimized cnn based intrusion detection system for internet of vehicles. In: ICC 2022 - IEEE International Conference on Communications, pp 2774–2779, https://doi.org/10.1109/ICC45855.2022.9838780

  51. Zhang S, Du C (2020) Semi-supervised deep learning based network intrusion detection. In: 2020 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), pp 35–40, https://doi.org/10.1109/CyberC49757.2020.00016

  52. Dey A (2020) Deep ids : A deep learning approach for intrusion detection based on ids 2018. In: 2020 2nd International Conference on Sustainable Technologies for Industry 4.0 (STI), pp 1–5, https://doi.org/10.1109/STI50764.2020.9350411

  53. Kim A, Park M, Lee DH (2020) Ai-ids: Application of deep learning to real-time web intrusion detection. IEEE Access 8:70245–70261. https://doi.org/10.1109/ACCESS.2020.2986882

    Article  Google Scholar 

  54. Cao B, Li C, Song Y et al (2022) Network intrusion detection model based on CNN and GRU. Appl Sci. https://doi.org/10.3390/app12094184

    Article  Google Scholar 

  55. Zhao G, Ren C, Wang J, et al (2023) Iot intrusion detection model based on gated recurrent unit and residual network. Peer-to-Peer Networking and Applications, pp 1–13. https://doi.org/10.1007/s12083-023-01510-z

  56. Gao J (2022) Network intrusion detection method combining CNN and BILSTM in cloud computing environment. Comput Intell Neurosci 2022(1):7272479. https://doi.org/10.1155/2022/7272479

    Article  Google Scholar 

  57. Zhang H, Wu C, Zhang Z, et al (2022) Resnest: Split-attention networks. In: 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW), pp 2735–2745, https://doi.org/10.1109/CVPRW56347.2022.00309

  58. Oquab M, Bottou L, Laptev I, et al (2014) Learning and transferring mid-level image representations using convolutional neural networks. In: 2014 IEEE Conference on Computer Vision and Pattern Recognition, pp 1717–1724, https://doi.org/10.1109/CVPR.2014.222

  59. Lin WC, Tsai CF, Hu YH et al (2017) Clustering-based undersampling in class-imbalanced data. Inf Sci 409–410:17–26. https://doi.org/10.1016/j.ins.2017.05.008

    Article  Google Scholar 

  60. Chawla NV, Bowyer KW, Hall LO et al (2002) Smote: synthetic minority over-sampling technique. J Artif Intell Res 16:321–357. https://doi.org/10.1613/jair.953

    Article  Google Scholar 

  61. Han H, Wang WY, Mao BH (2005) Borderline-smote: a new over-sampling method in imbalanced data sets learning. In: Huang DS, Zhang XP, Huang GB (eds) Advances in Intelligent Computing. Springer, Berlin Heidelberg, pp 878–887, https://doi.org/10.1007/11538059_91

  62. He H, Bai Y, Garcia EA, et al (2008) Adasyn: Adaptive synthetic sampling approach for imbalanced learning. In: 2008 IEEE International Joint Conference on Neural Networks (IEEE World Congress on Computational Intelligence), pp 1322–1328,https://doi.org/10.1109/IJCNN.2008.4633969

  63. Zong W, Huang GB, Chen Y (2013) Weighted extreme learning machine for imbalance learning. Neurocomputing 101:229–242. https://doi.org/10.1016/j.neucom.2012.08.010

    Article  Google Scholar 

  64. Yinshan J, Yumei W (2006) A new dual \(\nu\)-support vector machine. In: King I, Wang J, Chan LW, et al (eds) Neural Information Processing. Springer, Berlin, Heidelberg, pp 819–826, https://doi.org/10.1007/11893028_91

  65. Yu H, Mu C, Sun C et al (2015) Support vector machine-based optimized decision threshold adjustment strategy for classifying imbalanced data. Knowl-Based Syst 76:67–78. https://doi.org/10.1016/j.knosys.2014.12.007

    Article  Google Scholar 

  66. Lee J, Park K (2021) Gan-based imbalanced data intrusion detection system. Pers Ubiquit Comput 25:121–128. https://doi.org/10.1007/s00779-019-01332-y

    Article  Google Scholar 

  67. Douzas G, Bacao F (2018) Effective data generation for imbalanced learning using conditional generative adversarial networks. Expert Syst Appl 91:464–471. https://doi.org/10.1016/j.eswa.2017.09.030

    Article  Google Scholar 

  68. Xu L, Veeramachaneni K (2018) Synthesizing tabular data using generative adversarial networks. CoRR ar**v:abs/1811.11264

  69. Habibi O, Chemmakha M, Lazaar M (2023) Imbalanced tabular data modelization using CTGAN and machine learning to improve IoT botnet attacks detection. Eng Appl Artif Intell 118:105669. https://doi.org/10.1016/j.engappai.2022.105669

    Article  Google Scholar 

  70. Chung J, Gülçehre Ç, Cho K, et al (2014) Empirical evaluation of gated recurrent neural networks on sequence modeling. CoRR ar**v:abs/1412.3555

  71. Xu L, Skoularidou M, Cuesta-Infante A, et al (2019) Modeling tabular data using conditional gan. In: Wallach H, Larochelle H, Beygelzimer A, et al (eds) Advances in Neural Information Processing Systems, vol 32. Curran Associates, Inc., https://proceedings.neurips.cc/paper_files/paper/2019/file/254ed7d2de3b23ab10936522dd547b78-Paper.pdf

  72. Moustafa N, Slay J (2015) Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set). In: 2015 Military Communications and Information Systems Conference (MilCIS), pp 1–6, https://doi.org/10.1109/MilCIS.2015.7348942

  73. Sharafaldin. I, Habibi Lashkari. A, Ghorbani. AA (2018) Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy - ICISSP, INSTICC. SciTePress, pp 108–116, https://doi.org/10.5220/0006639801080116

  74. Neto ECP, Dadkhah S, Ferreira R et al (2023) CICIOT 2023: a real-time dataset and benchmark for large-scale attacks in IoT environment. Sensors. https://doi.org/10.3390/s23135941

    Article  Google Scholar 

Download references

Funding

The research leading to these results received funding from [National Natural Science Foundation of China] under Grant Agreement No. [61601264] and [Shandong Province Statistical Research Project] under Grant Agreement No. [KT23079].

Author information

Authors and Affiliations

  1. School of Information Science and Electrical Engineering, Shandong Jiaotong University, **an, 250357, China

    **ao Wang, Lie Dai & Guang Yang

Authors
  1. **ao Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lie Dai
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Guang Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

**ao Wang helped in method, investigation, experiment, writing—original manuscript. LiE Dai contributed to data recording and sorting. Guang Yang was involved in project management, technical guidance, funding acquisition, writing review, and supervision

Corresponding author

Correspondence to Guang Yang.

Ethics declarations

Conflict of interest

The authors have no conflict of interest to declare that are relevant to the content of this article.

Ethics approval

Not applicable.

Consent to participate

Not applicable.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Wang, X., Dai, L. & Yang, G. A network intrusion detection system based on deep learning in the IoT. J Supercomput (2024). https://doi.org/10.1007/s11227-024-06345-w

Download citation

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11227-024-06345-w

Keywords

Search

Navigation