Intrusion Detection by Deep Learning with TensorFlow

Abstract

© 2019 Global IT Research Institute (GIRI). Nowadays intrusion detection systems (IDS) plays an important role in organizations since there are a ton of cyber attacks which affect to security issues: confidential, integrity, availability. Currently, there are many open source tools for intrusion detection but they have different syntax of rules and signatures which cannot be used across different tools. In this paper, we propose an intrusion detection technique by using deep learning model which can classify different types of attacks without human-generated rules or signature mapping. We apply the supervised deep learning technology which are RNN, Stacked RNN, and CNN to classify five popular types of attacks by using Keras on the top of TensorFlow. Our technique requires only the packet header information and does not need any user payload. To verify the performance, we use MAWI dataset which are pcap files and compare our results with Snort IDS. Due to the lack of user payloads, the results show that Snort could not detect the network scan attack via ICMP and UDP. Meanwhile, we prove that RNN, Stacked RNN, and CNN can be used to classify attack for Port scan, Network scan via ICMP, Network scan via UDP, Network scan via TCP, and DoS attack with high accuracy. RNN delivers the highest accuracy.