A mean convolution layer for network intrusion detection systems / Leila Mohammadpour

Leila , Mohammadpour (2024) A mean convolution layer for network intrusion detection systems / Leila Mohammadpour. PhD thesis, Universiti Malaya.

	PDF (The Candidate's Agreement) Restricted to Repository staff only Download (177Kb)
	PDF (Thesis PhD) Restricted to Repository staff only until 31 December 2025. Download (4049Kb)

Abstract

Over the past two decades, the remarkable advancement of Internet applications has underscored the paramount importance of securing the information network. To safeguard this vital infrastructure, the deployment of a robust intrusion detection system (IDS) has become imperative. Such a system must continuously adapt to the ever-evolving threat landscape, accurately discerning novel attacks while minimizing false alarms. Researchers have delved into the realms of data mining and machine learning, devising several supervised and unsupervised methods for the reliable detection of anomalies. Within this domain, deep learning emerges as a potent subfield, leveraging a neuron-like structure to learn and execute complex tasks. Notably, the convolution neural network (CNN) stands as one of the most successful deep learning techniques. However, its suitability for detecting anomalies remains limited. The essence of the issue lies in the CNN's innate propensity to excel in identifying anticipated input flow content, rendering it less effective in pinpointing the subtle deviations characteristic of anomalies. To address this challenge, a specific methodology is needed to discern these slight deviations accurately. Thus, this study proposes a new approach – the mean convolution layer CNN (MCL-CNN) architecture. Designed specifically to grasp the unique content features of anomalies, MCL-CNN enables effective detection of abnormal patterns. By introducing an innovative form of the convolutional layer, MCL-CNN excels in capturing low-level abnormal characteristics, bolstering the design of a robust network intrusion detection system. Empirical evaluations on the CICIDS2017 and NSL-KDD datasets validate the superior performance of the recommended MCL-CNN model. Notably, it exhibits outstanding real-world application potential, boasting highly accurate anomaly detection capabilities and significantly reducing false-alarm rates when compared to existing state- of-the-art models. The evaluation results reveal that the MCL-CNN model achieved an impressive accuracy rate of 99.82% in identifying anomalies, demonstrating its exceptional precision and reliability. Moreover, the false alarm rate was remarkably low, standing at a mere 0.06%, showcasing the model's ability to discern genuine anomalies from normal network activities with great precision and efficiency. In conclusion, this study pioneers an innovative approach to anomaly detection, harnessing the power of deep learning while specifically addressing the challenges posed by abnormal data patterns. The MCL-CNN model represents a promising leap forward in fortifying information network security and proactively countering ever-evolving cybersecurity threats.

Actions (For repository staff only : Login required)