Intrusion Detection System Using Hybrid model

preprint OA: closed
Full text JSON View at publisher

Abstract

Abstract Technology and network industries have advanced quickly in recent decades.The expansion of piracy and the compromise of many existing systems has made it essential to develop information security solutions that can identify new threats. In order to address these issues, this work proposes a system called IDS-AI that is based on artificial intelligence techniques. It is capable of detecting recent and dispersed invasions. We employed an auto-encoder for features reduction and two models to assess CNN and SVM in order to evaluate our strategy. The experimental analysis of the dataset demonstrates the suggested model’s capability to produce reliable results. On the UNSW-NB15 dataset, our model actually achieves 99.58% and 99.66% accuracy for SVM and CNN, respectively.
Full text 43,476 characters · extracted from preprint-html · click to expand
Intrusion Detection System Using Hybrid model | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Intrusion Detection System Using Hybrid model Imen Chebbi, Ahlem Ben Younes, Leila Ben Ayed This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-4393621/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Technology and network industries have advanced quickly in recent decades.The expansion of piracy and the compromise of many existing systems has made it essential to develop information security solutions that can identify new threats. In order to address these issues, this work proposes a system called IDS-AI that is based on artificial intelligence techniques. It is capable of detecting recent and dispersed invasions. We employed an auto-encoder for features reduction and two models to assess CNN and SVM in order to evaluate our strategy. The experimental analysis of the dataset demonstrates the suggested model’s capability to produce reliable results. On the UNSW-NB15 dataset, our model actually achieves 99.58% and 99.66% accuracy for SVM and CNN, respectively. Artificial Intelligence and Machine Learning Intrusion Detection System SVM CNN UNSW-NB15 Figures Figure 1 I. INTRODUCTION As more people get access to the internet, protecting online identity against threats to secrecy, integrity and accessibility becomes a problem that needs to be solved on a constant basis. In order to identify and classify suspicious activity, a network intrusion detection system (IDS) is a tool that locates and recognizes irregular network traffic.It is an important part of network security and acts as the first line of defense against possible attacks by alerting an administrator or the appropriate individuals to potentially dangerous network behavior. In multiple scholarly works, several artificial intelligence (AI) strategies are put forth for an effective network intrusion detection system (IDS). Finding network traffic abnormalities is growing more challenging as more people gain access to the internet. According to [ 1 ], around 29.3 billion networked devices, or about two-thirds of the world’s population, will be online by the beginning of 2023. Online user privacy and se- curity must be protected, and unsafe network conduct must be rapidly discovered and reported. In a word, network intrusion refers to unauthorized, perhaps harmful action on a digital network. An incursion might damage a computer network confidentiality, integrity, and accessibility, which could lead to issues including system compromise and privacy violations. Worms, traffic flooding, buffer overflow attacks, spoofing, and denial-of-service (DoS) attacks are a few examples of network assaults. The two fundamental subcategories of in- trusion detection systems are anomaly-based and signature- based systems. Signature-based systems often employ known Identify applicable funding agency here. If none, delete this. attack signatures to spot illegal activity. On the other hand, anomaly-based systems are mostly employed in situations when attack signatures are unknown to detect unexpected network behavior. These detection systems make use of several methods, ranging from deep learning models to statistics, to automatically detect suspicious network activities. This work makes the following noteworthy contributions: Data quality: Before applying machine learning algorithms, data must be processed. We used the UNSW-NB15 dataset in this paper. Based on Artificial Intelligence approaches, we propose a system for detecting modern and distributed intrusions: IDS- AI . We utilized an auto-encoder to reduce the number of features. A comparative of the UNSW-NB15 dataset processing with two models Convolutional Neural Network (CNN), Support Vector Machine (SVM). A collection of publicly available Python programs for analyzing the dataset and reproducing the studies. Comparing our Model with other works in the literature. The findings of the research serve as the basis for evaluating this learning approach with other publicly available datasets. The remainder of the paper is organized as follow: In Section 2 present a literature review. In Section 3 we describe our proposed approach. The Section 4 present experimental results of our approach. Finally, Section 5 draws our conclusions and plan for future work. II. RELATED WORK The expanding adversary capabilities, which influence the dependability of data communication and networks, make computer security concerns especially challenging to manage. An incursion is used to attempt to breach a security goal while also infecting systems. To protect networks and systems from intrusions, a number of tools and techniques, such as intrusion detection systems (IDS), are created [ 2 – 4 ]. By classifying data activity as either normal or intrusive, a collection of techniques known as intrusion detection can be used to spot undesirable behaviors. Techniques for detecting intrusions that take place inside or outside of a monitored network are known as intrusion detection techniques. As a result, there are two basic detection strategies that can be used. The first method is called misuse detection, and it uses a recognized attack pattern to find intrusion. Anomaly detection or behavioral recognition is the second [ 3 – 5 ], and it is based on a break from a normal paradigm. The hybrid detection strategies goal to boost IDS detection efficiency and precision by combining the benefits of both abuse and anomaly detection. As a result, intrusion detection research remains active and relevant. Nowadays, ML approaches are being used to improve computer security and intrusion detection. Numerous research contributions investigate how machine learning techniques are used in intrusion detection to improve training and data quality and provide dependable, accurate IDS. On the other hand, data are not always collected in an ordered manner. Before being examined, unstructured data needs to be processed. This operation is critical for improving data quality and drawing precise conclusions. Data quality controls are implemented prior to initiating the training and classification operations [ 6 ]. Furthermore, feature selection is a desired strategy that seeks to pick the relevant features in order to reduce modeling com- putational costs and improve predictive model performance [6, 7]. III. OUR SUGGESTED METHOD In this part, we will demonstrate our IDS-AI technique. Figure 1 depicts the proposed method, which is divided into three main phases: data quality, unsupervised feature learning, and supervised classification. The first is used to remove discrepancies. (Infinity, NaN, and null values). The second employs a deep autoencoder to accomplish unsupervised learn- ing. The auto-encoder is used to reduce the dimensionality of unlabeled data and create a new feature representation. The output of the first phase is then used in the third part to perform supervised learning classification with a Support Vector Machine (SVM) or Convolutional Neural Network. (CNN). More information is given in the subsections that follow. Phase1 Data quality process. The gathering and prepara- tion of data is the phase’s main objective. The system then starts a process to gather and assemble the required data from networks. Following data collection, network traffic is subjected to a particular data preparation. Incompatible data types are disregarded during the data preprocessing step after the data have been reviewed. The data has also been cleaned, and the cleaned data has been stored. For this research, we made use of the UNSW-NB15 dataset. Phase2 Unsupervised feature learning. When there are sev- eral characteristics present, the complexity of the constructed model may increase due to redundancy and noise, which can decrease learner performance. Dimensionality reduction can help to tackle these issues. A feature extraction technique is used to make the necessary adjustments in order to extract the most important features from unlabeled data input. The low- dimensional data generated will then be categorized, allowing the classifier to perform better overall. We utilized an auto- encoder in this phase because it is an unsupervised neural network approach. Its primary purpose is to compress its original input and recreate it as an equivalent reconstructed output. Phase3 : Supervised classification. The class vector from the initial dataset will be mixed with the newly derived feature space at this stage. As a result, we have a smaller, labeled training set that can be fed into the classifier of our choosing. Several supervised learning algorithms exist, including classi- fication rule neural networks, decision trees, Random Forest, Convolutional Neural Network, and Deep Neural Network. In our work, we chose two supervised classifiers for this task: SVM and CNN. IV. EXPERIMENTAL RESULTS TensorFlow was employed as the backend in experiments on Windows 10, while Python and Keras were used for encoding. On the training platform, we train our model, then change the decision criteria and compute the effectiveness measures on the validation set. The production set, a dataset empty of labels, is then used to detect any abnormalities. The final phase is critical because when utilized in practice, the model will create predictions on real-time data without labels against which to compare them. It is always a good practice to hold out a production set to confirm that the model is not performing erratically on this unknown, labelless production set. Table 1 displays the testing results of our model for the UNSW-NB15 dataset [8]. TABLE I Overall performance (UNSW-NB15 dataset ) Model Accuracy F1 score Recall Precision SVM 0.9958 0.9956 0.9962 0.9979 CNN 0.9966 0.9982 0.9978 0.9986 Several studies have evaluated network intruder detection techniques, particularly those based on machine learning and deep learning techniques, using the UNSW-NB15 dataset. We will compare our method to those of four other researchers in this section: Breiman [9], Singh et al. [10], Kabir et al. [11], and Du et al. [12]. Table 2 compares our top UNSW-NB15 dataset results to those of other writers. TABLE II Comparison with other works available in the literature. Type ACC(%) OUR MODEL ( SVM) 99.58 OUR MODEL ( CNN) 99.66 RF [9] 74.35 FGRNN [10] 99.50 Kabir [11] 96.24 UMAP-RF [12] 92.60 It can be shown that the accuracy of IDS-AI is higher than that of other models. In some instances, the results are global and do not specify which assaults were detected, and some of the models being compared do not include cross validation. Although some additional trials are required to compare our results to those given in the literature, the general results obtained demonstrate the suitability of using IDS-AI to detect intrusions in the dataset. The usage of these methods, while somewhat lowering the produced performance, keeps the findings benchmarked with other related study results. V. CONCLUSION AND FUTURE WORKS Cyberattacks have become more frequent and sophisticated as a result of the expansion of Internet access. In order to improve the security of systems and data, a collection of contemporary techniques known as intrusion detection are used to monitor them. In this study, we show a dependable network intrusion detection method based on artificial intelli- gence. Preprocessing is being used to improve the discovery rate and precision of IDS based on data heterogeneity. For good data quality, a feature selection procedure based on the entropy choice method is handled before building the model. A revolutionary method is validated by the offered solutions, which guarantee accurate efficiency. The following datasets are used to compare the results: UNSW-NB15. As a consequence, when compared to current models, the new recommended network intrusion detection approach offers various benefits and high accuracy. Future studies will employ additional successful methods to raise our system’s detection rate and precision. References Cisco Annual Internet Report (2018–2023). URL https://www.cisco.com/c/en/us/solutions/ collateral/executive- perspectives/annual-internetreport/white-paper-c11-741490.html (2018). G. Fernandes, J. J. P. C. Rodrigues, and L. F. Carvalho, “A com- prehensive survey on network anomaly detection,” Telecommunication Systems, vol. 70, pp. 447–489, (2019). A. Guezzaz, A. Asimi, Z. Tbatou, Y. Asimi, and Y. Sadqi, “A global intrusion detection system using pcapsocks sniffer and multilayer per- ceptron classifier,” International Journal on Network Security, vol. 21, no. 3, pp. 438–450, (2019). A. Khraisat, I. Gondal, P. Vamplew, and J. Kamruzzaman, “Survey of intrusion detection systems: techniques, datasets and challenges,” Cybersecurity, vol. 2, (2019). A. Guezzaz, Y. Asimi, M. Azrour, and A. Asimi, “Mathematical vali- dation of proposed machine learning classifier for heterogeneous traffic and anomaly detection,” Big Data Mining and Analytics, vol. 4, no. 1, pp. 18–24, (2021). M. Rostami, K. Berahmand, E. Nasiri, and S. Forouzandeh, “Review of swarm intelli-gence-based feature selection methods,” Engineering Applications of Artificial Intelli-gence, vol. 100, Article ID 104210, (2021). H. Alazzam, A. Sharieh, and K. E. Sabri, “A feature selection algorithm for intrusion detection system based on Pigeon Inspired Optimizer,” Expert Systems with Applications, vol. 148, Article ID 113249, (2020). Moustafa N. and Slay J., “The evaluation of network anomaly detection systems: statistical analysis of the unsw-nb15 data set and the compar- ison with the kdd99 data set,” Information Security Journal: A Global Perspective, vol. 25, no. 1-3, pp. 18–31, (2016). Breiman L., Random forests Machine learning 45(1):5–32. https://doi.org/10.1023/A:1010933404324, (2020). Singh P., Jaykumar P. J., Pankaj A., Mitra R., Edge-Detect: Edge- centric Network Intru-sionDetection using Deep Neural Network, 2021 IEEE 18th Annual Consumer Communications Networking Conference (CCNC), DOI: 10.1109/CCNC49032.2021.9369469, (2021). Kabir M.H., Rajib M.S., Rahman A.S.M.T., Rahman M.M., Dey S.K., Network Intrusion Detection Using UNSW-NB15 Dataset: Stacking Machine Learning Based Approach, 2022 International Conference on Advancement in Electrical and Electronic Engineering (ICAEEE), (2022). Du, X.; Cheng, C.; Wang, Y.; Han, Z. Research on Network Attack Traffic Detection HybridAlgorithm Based on UMAP-RF. Algorithms 2022, 15, 238. https://doi.org/10.3390/ a15070238, (2022). Additional Declarations The authors declare no competing interests. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-4393621","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":300518460,"identity":"6d34901f-681f-4003-bdc2-e35567d47277","order_by":0,"name":"Imen Chebbi","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA1UlEQVRIiWNgGAWjYDACCQY2ZgYDCSCL+QADYwOEJlYLWwJEC5AmQgsY8BgQp4V/dvOzxwUFFtH80j3fJH7usJFjYON9gN+SO8fMjWcYSOTOnHN2m2TvmTRjBjZ2A7xaDCQSzKR5gFo23MjdJsHbdjixQb4Nv8MMJNK/gbXsv5HzTPIvSAsbGyEtOVBbJHLYpHmJ0SJxI6cc7JcZN9KMrWXb0ozZCGnhn5G+7XHBn7rc/hnJD2++bbOR4yekBRmwgCKUgQQNwJTygRTVo2AUjIJRMHIAALSdPpjY7gOaAAAAAElFTkSuQmCC","orcid":"https://orcid.org/0000-0003-4290-8415","institution":"FSEG","correspondingAuthor":true,"prefix":"","firstName":"Imen","middleName":"","lastName":"Chebbi","suffix":""},{"id":300519198,"identity":"7d996530-cf60-4789-87b9-931538dbcf67","order_by":1,"name":"Ahlem Ben Younes","email":"","orcid":"","institution":"ENSIT","correspondingAuthor":false,"prefix":"","firstName":"Ahlem","middleName":"Ben","lastName":"Younes","suffix":""},{"id":300519200,"identity":"f729de0f-d79e-44e4-b3e0-06f7a1cbfce3","order_by":2,"name":"Leila Ben Ayed","email":"","orcid":"","institution":"ENSI, University of la Manouba","correspondingAuthor":false,"prefix":"","firstName":"Leila","middleName":"Ben","lastName":"Ayed","suffix":""}],"badges":[],"createdAt":"2024-05-09 08:11:46","currentVersionCode":1,"declarations":{"humanSubjects":false,"vertebrateSubjects":true,"conflictsOfInterestStatement":false,"humanSubjectEthicalGuidelines":false,"humanSubjectConsent":false,"humanSubjectClinicalTrial":false,"humanSubjectCaseReport":false,"vertebrateSubjectEthicalGuidelines":true},"doi":"10.21203/rs.3.rs-4393621/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-4393621/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":56224334,"identity":"3f6edacc-b6fd-4496-8d2c-e6072e3389b7","added_by":"auto","created_at":"2024-05-10 05:34:12","extension":"png","order_by":1,"title":"Figure 1","display":"","copyAsset":false,"role":"figure","size":156877,"visible":true,"origin":"","legend":"\u003cp\u003eOur Proposed approach IDS-AI.\u003c/p\u003e","description":"","filename":"1.png","url":"https://assets-eu.researchsquare.com/files/rs-4393621/v1/e149b8d02e6810a302150b2e.png"},{"id":56224335,"identity":"1e604522-d738-4c92-b194-062a4343476b","added_by":"auto","created_at":"2024-05-10 05:34:17","extension":"pdf","order_by":0,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":341416,"visible":true,"origin":"","legend":"","description":"","filename":"manuscript.pdf","url":"https://assets-eu.researchsquare.com/files/rs-4393621/v1/40537006-e791-4e9a-b870-2252232e9621.pdf"}],"financialInterests":"The authors declare no competing interests.","formattedTitle":"\u003cp\u003eIntrusion Detection System Using Hybrid model\u003c/p\u003e","fulltext":[{"header":"I. INTRODUCTION","content":"\u003cp\u003eAs more people get access to the internet, protecting online identity against threats to secrecy, integrity and accessibility becomes a problem that needs to be solved on a constant basis. In order to identify and classify suspicious activity, a network intrusion detection system (IDS) is a tool that locates and recognizes irregular network traffic.It is an important part of network security and acts as the first line of defense against possible attacks by alerting an administrator or the appropriate individuals to potentially dangerous network behavior. In multiple scholarly works, several artificial intelligence (AI) strategies are put forth for an effective network intrusion detection system (IDS). Finding network traffic abnormalities is growing more challenging as more people gain access to the internet. According to [\u003cspan citationid=\"CR1\" class=\"CitationRef\"\u003e1\u003c/span\u003e], around 29.3\u0026nbsp;billion networked devices, or about two-thirds of the world\u0026rsquo;s population, will be online by the beginning of 2023. Online user privacy and se- curity must be protected, and unsafe network conduct must be rapidly discovered and reported. In a word, network intrusion refers to unauthorized, perhaps harmful action on a digital network. An incursion might damage a computer network confidentiality, integrity, and accessibility, which could lead to issues including system compromise and privacy violations. Worms, traffic flooding, buffer overflow attacks, spoofing, and denial-of-service (DoS) attacks are a few examples of network assaults. The two fundamental subcategories of in- trusion detection systems are anomaly-based and signature- based systems. Signature-based systems often employ known\u003c/p\u003e \u003cp\u003eIdentify applicable funding agency here. If none, delete this.\u003c/p\u003e \u003cp\u003eattack signatures to spot illegal activity. On the other hand, anomaly-based systems are mostly employed in situations when attack signatures are unknown to detect unexpected network behavior. These detection systems make use of several methods, ranging from deep learning models to statistics, to automatically detect suspicious network activities.\u003c/p\u003e \u003cp\u003eThis work makes the following noteworthy contributions:\u003c/p\u003e \u003cp\u003e \u003cul\u003e \u003cli\u003e \u003cp\u003eData quality: Before applying machine learning algorithms, data must be processed. We used the UNSW-NB15 dataset in this paper.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eBased on Artificial Intelligence approaches, we propose a system for detecting modern and distributed intrusions: IDS- AI .\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eWe utilized an auto-encoder to reduce the number of features.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eA comparative of the UNSW-NB15 dataset processing with two models Convolutional Neural Network (CNN), Support Vector Machine (SVM).\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eA collection of publicly available Python programs for analyzing the dataset and reproducing the studies.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003eComparing our Model with other works in the literature. The findings of the research serve as the basis for evaluating this learning approach with other publicly available datasets. The remainder of the paper is organized as follow: In Section 2 present a literature review. In Section 3 we describe our proposed approach. The Section 4 present experimental results of our approach. Finally, Section 5 draws our conclusions and plan for future work.\u003c/p\u003e \u003c/li\u003e \u003c/ul\u003e \u003c/p\u003e"},{"header":"II. RELATED WORK","content":"\u003cp\u003eThe expanding adversary capabilities, which influence the dependability of data communication and networks, make computer security concerns especially challenging to manage. An incursion is used to attempt to breach a security goal while also infecting systems. To protect networks and systems from intrusions, a number of tools and techniques, such as intrusion detection systems (IDS), are created [\u003cspan additionalcitationids=\"CR3\" citationid=\"CR2\" class=\"CitationRef\"\u003e2\u003c/span\u003e\u0026ndash;\u003cspan citationid=\"CR4\" class=\"CitationRef\"\u003e4\u003c/span\u003e]. By classifying data activity as either normal or intrusive, a collection of techniques known as intrusion detection can be used to spot undesirable behaviors. Techniques for detecting intrusions that take place inside or outside of a monitored network are known as intrusion detection techniques. As a result, there are two basic detection strategies that can be used. The first method is called misuse detection, and it\u003c/p\u003e \u003cp\u003euses a recognized attack pattern to find intrusion. Anomaly detection or behavioral recognition is the second [\u003cspan additionalcitationids=\"CR4\" citationid=\"CR3\" class=\"CitationRef\"\u003e3\u003c/span\u003e\u0026ndash;\u003cspan citationid=\"CR5\" class=\"CitationRef\"\u003e5\u003c/span\u003e], and it is based on a break from a normal paradigm. The hybrid detection strategies goal to boost IDS detection efficiency and precision by combining the benefits of both abuse and anomaly detection.\u003c/p\u003e \u003cp\u003eAs a result, intrusion detection research remains active and relevant. Nowadays, ML approaches are being used to improve computer security and intrusion detection. Numerous research contributions investigate how machine learning techniques are used in intrusion detection to improve training and data quality and provide dependable, accurate IDS. On the other hand, data are not always collected in an ordered manner. Before being examined, unstructured data needs to be processed. This operation is critical for improving data quality and drawing precise conclusions. Data quality controls are implemented prior to initiating the training and classification operations [\u003cspan citationid=\"CR6\" class=\"CitationRef\"\u003e6\u003c/span\u003e]. Furthermore, feature selection is a desired strategy that seeks to pick the relevant features in order to reduce modeling com- putational costs and improve predictive model performance [6, 7].\u003c/p\u003e"},{"header":"III. OUR SUGGESTED METHOD","content":"\u003cp\u003eIn this part, we will demonstrate our IDS-AI technique. Figure\u0026nbsp;\u003cspan refid=\"Fig1\" class=\"InternalRef\"\u003e1\u003c/span\u003e depicts the proposed method, which is divided into three main phases: data quality, unsupervised feature learning, and supervised classification. The first is used to remove discrepancies. (Infinity, NaN, and null values). The second employs a deep autoencoder to accomplish unsupervised learn- ing. The auto-encoder is used to reduce the dimensionality of unlabeled data and create a new feature representation. The output of the first phase is then used in the third part to perform supervised learning classification with a Support Vector Machine (SVM) or Convolutional Neural Network. (CNN). More information is given in the subsections that follow.\u003c/p\u003e\u003cp\u003e \u003cstrong\u003ePhase1\u003c/strong\u003e \u003c/p\u003e \u003cp\u003eData quality process. The gathering and prepara- tion of data is the phase\u0026rsquo;s main objective. The system then starts a process to gather and assemble the required data from networks. Following data collection, network traffic is\u003c/p\u003e \u003cp\u003esubjected to a particular data preparation. Incompatible data types are disregarded during the data preprocessing step after the data have been reviewed. The data has also been cleaned, and the cleaned data has been stored. For this research, we made use of the UNSW-NB15 dataset.\u003c/p\u003e \u003cp\u003e \u003cstrong\u003ePhase2\u003c/strong\u003e \u003c/p\u003e \u003cp\u003eUnsupervised feature learning. When there are sev- eral characteristics present, the complexity of the constructed model may increase due to redundancy and noise, which can decrease learner performance. Dimensionality reduction can help to tackle these issues. A feature extraction technique is used to make the necessary adjustments in order to extract the most important features from unlabeled data input. The low- dimensional data generated will then be categorized, allowing the classifier to perform better overall. We utilized an auto- encoder in this phase because it is an unsupervised neural network approach. Its primary purpose is to compress its original input and recreate it as an equivalent reconstructed output.\u003c/p\u003e \u003cp\u003e \u003cb\u003ePhase3\u003c/b\u003e : Supervised classification. The class vector from the initial dataset will be mixed with the newly derived feature space at this stage. As a result, we have a smaller, labeled training set that can be fed into the classifier of our choosing. Several supervised learning algorithms exist, including classi- fication rule neural networks, decision trees, Random Forest, Convolutional Neural Network, and Deep Neural Network. In our work, we chose two supervised classifiers for this task: SVM and CNN.\u003c/p\u003e"},{"header":"IV. EXPERIMENTAL RESULTS","content":"\u003cp\u003eTensorFlow was employed as the backend in experiments on Windows 10, while Python and Keras were used for encoding. On the training platform, we train our model, then change the decision criteria and compute the effectiveness measures on the validation set. The production set, a dataset empty of labels, is then used to detect any abnormalities. The final phase is critical because when utilized in practice, the model will create predictions on real-time data without labels against which to compare them. It is always a good practice to hold out a production set to confirm that the model is not performing erratically on this unknown, labelless production set. Table\u0026nbsp;1 displays the testing results of our model for the UNSW-NB15 dataset [8].\u003c/p\u003e \u003cp\u003eTABLE I\u003c/p\u003e \u003cp\u003e \u003cspan type=\"SmallCaps\" class=\"SmallCaps\" name=\"Emphasis\"\u003eOverall performance (UNSW-NB15 dataset )\u003c/span\u003e \u003c/p\u003e \u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Taba\" border=\"1\"\u003e \u003ccolgroup cols=\"5\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c2\" colnum=\"2\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c3\" colnum=\"3\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c4\" colnum=\"4\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c5\" colnum=\"5\"\u003e\u003c/div\u003e \u003cthead\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eModel\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e \u003cp\u003eAccuracy\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c3\"\u003e \u003cp\u003eF1 score\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c4\"\u003e \u003cp\u003eRecall\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c5\"\u003e \u003cp\u003ePrecision\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eSVM\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e0.9958\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e0.9956\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e0.9962\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e0.9979\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eCNN\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e0.9966\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e0.9982\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e0.9978\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e0.9986\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e \u003cp\u003eSeveral studies have evaluated network intruder detection techniques, particularly those based on machine learning and deep learning techniques, using the UNSW-NB15 dataset. We will compare our method to those of four other researchers in this section: Breiman [9], Singh et al. [10], Kabir et al. [11], and Du et al. [12]. Table\u0026nbsp;2 compares our top UNSW-NB15 dataset results to those of other writers.\u003c/p\u003e \u003cp\u003eTABLE II\u003c/p\u003e \u003cp\u003e \u003cspan type=\"SmallCaps\" class=\"SmallCaps\" name=\"Emphasis\"\u003eComparison with other works available in the literature.\u003c/span\u003e \u003c/p\u003e\u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Tabb\" border=\"1\"\u003e \u003ccolgroup cols=\"2\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c2\" colnum=\"2\"\u003e\u003c/div\u003e \u003cthead\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eType\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e \u003cp\u003eACC(%)\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eOUR MODEL ( SVM)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e99.58\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eOUR MODEL ( CNN)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e99.66\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eRF [9]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e74.35\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eFGRNN [10]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e99.50\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eKabir [11]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e96.24\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eUMAP-RF [12]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e92.60\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e \u003cp\u003eIt can be shown that the accuracy of IDS-AI is higher than that of other models. In some instances, the results are global and do not specify which assaults were detected, and some of the models being compared do not include cross validation. Although some additional trials are required to compare our results to those given in the literature, the general results obtained demonstrate the suitability of using IDS-AI to detect intrusions in the dataset. The usage of these methods, while somewhat lowering the produced performance, keeps the findings benchmarked with other related study results.\u003c/p\u003e"},{"header":"V. CONCLUSION AND FUTURE WORKS","content":"\u003cp\u003eCyberattacks have become more frequent and sophisticated as a result of the expansion of Internet access. In order to improve the security of systems and data, a collection of contemporary techniques known as intrusion detection are used to monitor them. In this study, we show a dependable network intrusion detection method based on artificial intelli- gence. Preprocessing is being used to improve the discovery rate and precision of IDS based on data heterogeneity. For good data quality, a feature selection procedure based on the entropy choice method is handled before building the model. A revolutionary method is validated by the offered solutions, which guarantee accurate efficiency. The following datasets are used to compare the results: UNSW-NB15. As a consequence, when compared to current models, the new recommended network intrusion detection approach offers various benefits and high accuracy. Future studies will employ additional successful methods to raise our system\u0026rsquo;s detection rate and precision.\u003c/p\u003e"},{"header":"References","content":"\u003col class=\"decimal_type\"\u003e\n\u003cli\u003eCisco Annual Internet Report (2018\u0026ndash;2023). URL https://www.cisco.com/c/en/us/solutions/ collateral/executive- perspectives/annual-internetreport/white-paper-c11-741490.html (2018).\u003c/li\u003e\n\u003cli\u003eG. Fernandes, J. J. P. C. Rodrigues, and L. F. Carvalho, \u0026ldquo;A com- prehensive survey on network anomaly detection,\u0026rdquo; Telecommunication Systems, vol. 70, pp. 447\u0026ndash;489, (2019).\u003c/li\u003e\n\u003cli\u003eA. Guezzaz, A. Asimi, Z. Tbatou, Y. Asimi, and Y. Sadqi, \u0026ldquo;A global intrusion detection system using pcapsocks sniffer and multilayer per- ceptron classifier,\u0026rdquo; International Journal on Network Security, vol. 21, no. 3, pp. 438\u0026ndash;450, (2019).\u003c/li\u003e\n\u003cli\u003eA. Khraisat, I. Gondal, P. Vamplew, and J. Kamruzzaman, \u0026ldquo;Survey of intrusion detection systems: techniques, datasets and challenges,\u0026rdquo; Cybersecurity, vol. 2, (2019).\u003c/li\u003e\n\u003cli\u003eA. Guezzaz, Y. Asimi, M. Azrour, and A. Asimi, \u0026ldquo;Mathematical vali- dation of proposed machine learning classifier for heterogeneous traffic and anomaly detection,\u0026rdquo; Big Data Mining and Analytics, vol. 4, no. 1, pp. 18\u0026ndash;24, (2021).\u003c/li\u003e\n\u003cli\u003eM. Rostami, K. Berahmand, E. Nasiri, and S. Forouzandeh, \u0026ldquo;Review of swarm intelli-gence-based feature selection methods,\u0026rdquo; Engineering Applications of Artificial Intelli-gence, vol. 100, Article ID 104210, (2021).\u003c/li\u003e\n\u003cli\u003eH. Alazzam, A. Sharieh, and K. E. Sabri, \u0026ldquo;A feature selection algorithm for intrusion detection system based on Pigeon Inspired Optimizer,\u0026rdquo; Expert Systems with Applications, vol. 148, Article ID 113249, (2020).\u003c/li\u003e\n\u003cli\u003eMoustafa N. and Slay J., \u0026ldquo;The evaluation of network anomaly detection systems: statistical analysis of the unsw-nb15 data set and the compar- ison with the kdd99 data set,\u0026rdquo; Information Security Journal: A Global Perspective, vol. 25, no. 1-3, pp. 18\u0026ndash;31, (2016).\u003c/li\u003e\n\u003cli\u003eBreiman L., Random forests Machine learning 45(1):5\u0026ndash;32. https://doi.org/10.1023/A:1010933404324, (2020).\u003c/li\u003e\n\u003cli\u003eSingh P., Jaykumar P. J., Pankaj A., Mitra R., Edge-Detect: Edge- centric Network Intru-sionDetection using Deep Neural Network, 2021 IEEE 18th Annual Consumer Communications Networking Conference (CCNC), DOI: 10.1109/CCNC49032.2021.9369469, (2021).\u003c/li\u003e\n\u003cli\u003eKabir M.H., Rajib M.S., Rahman A.S.M.T., Rahman M.M., Dey S.K., Network Intrusion Detection Using UNSW-NB15 Dataset: Stacking Machine Learning Based Approach, 2022 International Conference on Advancement in Electrical and Electronic Engineering (ICAEEE), (2022).\u003c/li\u003e\n\u003cli\u003eDu, X.; Cheng, C.; Wang, Y.; Han, Z. Research on Network Attack Traffic Detection HybridAlgorithm Based on UMAP-RF. Algorithms 2022, 15, 238. https://doi.org/10.3390/ a15070238, (2022).\u003c/li\u003e\n\u003c/ol\u003e"}],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":true,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"FSEG SFAX","isAcceptedByJournal":false,"isAuthorSuppliedPdf":false,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":false,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Intrusion Detection System, SVM, CNN, UNSW-NB15","lastPublishedDoi":"10.21203/rs.3.rs-4393621/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-4393621/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eTechnology and network industries have advanced quickly in recent decades.The expansion of piracy and the compromise of many existing systems has made it essential to develop information security solutions that can identify new threats. In order to address these issues, this work proposes a system called IDS-AI that is based on artificial intelligence techniques. It is capable of detecting recent and dispersed invasions. We employed an auto-encoder for features reduction and two models to assess CNN and SVM in order to evaluate our strategy. The experimental analysis of the dataset demonstrates the suggested model\u0026rsquo;s capability to produce reliable results. On the UNSW-NB15 dataset, our model actually achieves 99.58% and 99.66% accuracy for SVM and CNN, respectively.\u003c/p\u003e","manuscriptTitle":"Intrusion Detection System Using Hybrid model","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2024-05-10 05:34:08","doi":"10.21203/rs.3.rs-4393621/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"875f9353-1ccc-471e-98bf-d540dc2bfbc7","owner":[],"postedDate":"May 10th, 2024","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[{"id":31708161,"name":"Artificial Intelligence and Machine Learning"}],"tags":[],"updatedAt":"2024-05-10T05:34:08+00:00","versionOfRecord":[],"versionCreatedAt":"2024-05-10 05:34:08","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-4393621","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-4393621","identity":"rs-4393621","version":["v1"]},"buildId":"qtupq5eGEP_6zYnWcrvyt","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}

Text is read by the "Ask this paper" AI Q&A widget below. Extraction quality varies by source — PMC NXML preserves structure cleanly, OA-HTML may include some navigation residue, and OA-PDF can have broken hyphenation. The publisher copy (via DOI) is the canonical version.

My notes (saved in your browser only)

Ask this paper AI returns verbatim quotes from the full text · source: preprint-html

Answers must be backed by verbatim quotes from this paper's full text. Hallucinated quotes are dropped automatically; if no verbatim passage answers the question, we say so. How this works

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2024) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.

Source provenance

europepmc
last seen: 2026-05-20T01:45:00.602351+00:00