Publication: Intrusion Detection by Deep Learning with TensorFlow
Issued Date
2019-04-29
Resource Type
ISSN
17389445
Other identifier(s)
2-s2.0-85065659520
Rights
Mahidol University
Rights Holder(s)
SCOPUS
Bibliographic Citation
International Conference on Advanced Communication Technology, ICACT. Vol.2019-February, (2019), 654-659
Suggested Citation
Navaporn Chockwanich, Vasaka Visoottiviseth. Intrusion Detection by Deep Learning with TensorFlow. International Conference on Advanced Communication Technology, ICACT. Vol.2019-February, (2019), 654-659. doi:10.23919/ICACT.2019.8701969. Retrieved from: https://repository.li.mahidol.ac.th/handle/123456789/50851
Title
Intrusion Detection by Deep Learning with TensorFlow
Author(s)
Other Contributor(s)
Abstract
© 2019 Global IT Research Institute (GIRI). Nowadays intrusion detection systems (IDS) play an important role in organizations, since there are a ton of cyber attacks that affect security: confidentiality, integrity, and availability. Currently, there are many open source tools for intrusion detection, but they use different rule and signature syntaxes that cannot be used across different tools. In this paper, we propose an intrusion detection technique that uses a deep learning model to classify different types of attacks without human-generated rules or signature mapping. We apply supervised deep learning techniques, namely RNN, Stacked RNN, and CNN, to classify five popular types of attacks by using Keras on top of TensorFlow. Our technique requires only the packet header information and does not need any user payload. To verify the performance, we use the MAWI dataset, which consists of pcap files, and compare our results with Snort IDS. Due to the lack of user payloads, the results show that Snort could not detect the network scan attack via ICMP and UDP. Meanwhile, we prove that RNN, Stacked RNN, and CNN can be used to classify attacks for Port scan, Network scan via ICMP, Network scan via UDP, Network scan via TCP, and DoS attack with high accuracy. RNN delivers the highest accuracy.
