Network Intrusion Detection based on LSTM and Feature Embedding

TL;DR

This paper introduces a network intrusion detection approach combining LSTM for sequential data and feature embedding for categorical data, achieving high accuracy on the UNSW-NB15 dataset.

Contribution

It presents a novel neural network model that integrates time-series analysis and categorical feature embedding for improved intrusion detection.

Findings

Achieved 99.72% accuracy in binary classification

Enhanced detection performance by incorporating sequential and categorical data

Validated effectiveness on the UNSW-NB15 dataset

Abstract

Growing number of network devices and services have led to increasing demand for protective measures as hackers launch attacks to paralyze or steal information from victim systems. Intrusion Detection System (IDS) is one of the essential elements of network perimeter security which detects the attacks by inspecting network traffic packets or operating system logs. While existing works demonstrated effectiveness of various machine learning techniques, only few of them utilized the time-series information of network traffic data. Also, categorical information has not been included in neural network based approaches. In this paper, we propose network intrusion detection models based on sequential information using long short-term memory (LSTM) network and categorical information using the embedding technique. We have experimented the models with UNSW-NB15, which is a comprehensive network traffic dataset. The experiment results confirm that the proposed method improve the performance, observing binary classification accuracy of 99.72\%.