Detection and classification of network attacks using the deep neural network cascade
DOI:
https://doi.org/10.15276/hait.03.2021.4
Keywords:
Deep learning, NIDS, CNN, LSTM, deep neural networks, hybrid neural networks
Abstract
This article shows the relevance of developing a cascade of deep neural networks for detecting and classifying network attacks, based on an analysis of the practical use of network intrusion detection systems to protect local computer networks. The cascade consists of two elements. The first is a hybrid deep neural network that combines convolutional neural network (CNN) layers and long short-term memory (LSTM) layers to detect attacks. The second is a CNN that classifies the most popular classes of network attacks, such as Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode, and Worms. During tuning and training of the cascade, hyperparameters were selected, which made it possible to improve the quality of the model. Among the available public datasets, UNSW-NB15 was selected as one of the current datasets that takes modern traffic into account. A data preprocessing technology was developed for this dataset. The cascade was trained, tested, and validated on the UNSW-NB15 dataset. It was also tested on real network traffic, which showed its ability to detect and classify attacks in a computer network. Using a cascade that consists of a hybrid CNN + LSTM network and a CNN improved the accuracy of detecting and classifying attacks in computer networks and reduced the frequency of false alarms in detecting network attacks.