Intrusion detection can determine whether a network packet contains an attack and is crucial to information security. Preprocessing is the basis for better intrusion detection performance. Existing preprocessing methods for intrusion detection usually rely on a large number of features extracted manually from experience, and such manually extracted features cannot accurately characterize network packets.
Signature-based detection is capable of detecting known attack behavior, and anomaly-based detection is used to discover unknown attack behavior by detecting the features of network packets. It is critical to find a feature set that characterizes network packets as accurately as possible. However, existing feature extraction methods suffer from low accuracy and low detection rate.
In a study published online in IEEE Access, researchers from the Institute of Acoustics of the Chinese Academy of Sciences investigated variant gated recurrent units (GRU) with encoders to preprocess packets for payload-aware intrusion detection, and they achieved higher accuracy and detection rates than three existing methods.
Two problems remain in existing intrusion detection system (IDS) algorithms. One is that preprocessing network packets requires a great deal of manual experience. The other is that the complex structure of neural networks leads to large memory usage and increased power consumption.
For the first problem, the researchers introduced the encoded gated recurrent unit (E-GRU). This algorithm used an encoder to automatically preprocess network packets. The encoder gave a better representation of the input than the original raw input: its output was a compression of the input data that retained the input's important features. The extracted features were then used as the input to the GRU for intrusion detection.
For the second problem, the researchers introduced the encoded binarized gated recurrent unit (E-BinGRU). For the first time, binary weights and activations of gated recurrent units with encoders were investigated for payload-aware intrusion detection in order to reduce memory size.
The proposed models, E-GRU and E-BinGRU, were evaluated on the ISCX2012 data set. According to the results, the detection rate (DR) of the E-GRU reached 99.9%, and E-GRU achieved the best DR on attack network packets, exceeding that of the other methods by 3%. The accuracy of the E-BinGRU was 99.7%, which was higher than that of the Bin-GRU without the encoder. The accuracy of the E-GRU was 99.9%, which was as high as that of the GRU.
Worst-case tests confirmed that performance was stable with respect to accuracy, detection rate, and false alarm rate. In order to reduce memory size, the researchers used E-BinGRU for network intrusion detection. E-BinGRU drastically reduced memory size and replaced most arithmetic operations with bit-wise operations, which was expected to substantially improve power efficiency. The results showed that memory usage shrank to 1/21 by using binary weights and activations.
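The following added example (not code from the study) shows how a dot product over binary weights and activations reduces to XNOR and popcount, the kind of bit-wise replacement described above. It assumes sign binarization to -1/+1 and a 32-bit float baseline, neither of which the article specifies, and all function names and sample values are constructed for illustration.

```python
# Added illustration: dot product of binarized vectors via XNOR + popcount.
# Assumptions (not from the article): sign() binarization to {-1, +1},
# one bit of storage per binarized value, float32 as the unbinarized baseline.

def binarize(values):
    """Map each real value to +1 (>= 0) or -1 (< 0)."""
    return [1 if v >= 0 else -1 for v in values]

def pack(signs):
    """Pack a +/-1 vector into one integer: bit i is set where signs[i] == +1."""
    word = 0
    for i, s in enumerate(signs):
        if s == 1:
            word |= 1 << i
    return word

def xnor_dot(a_bits, b_bits, n):
    """Dot product of two packed +/-1 vectors of length n.
    XNOR marks positions where the signs agree. Each agreement adds +1 and
    each disagreement adds -1, so the result is 2 * agreements - n."""
    mask = (1 << n) - 1
    agree = ~(a_bits ^ b_bits) & mask
    return 2 * bin(agree).count("1") - n

def reference_dot(a, b):
    """Ordinary multiply-accumulate, used to check the bit-wise version."""
    return sum(x * y for x, y in zip(a, b))

def packed_bytes(n):
    """Bytes needed to store n binarized values at one bit each."""
    return (n + 7) // 8

def float32_bytes(n):
    """Bytes needed to store n values as 32-bit floats."""
    return 4 * n

# Constructed sample data (hypothetical weights and activations).
WEIGHTS = [0.42, -1.30, 0.07, -0.55, 0.91, -0.02, 0.33, -0.78, 0.15, 0.60]
ACTIVATIONS = [0.20, -0.90, 0.50, 0.10, 0.80, 0.40, -0.60, -0.30, 0.70, -0.05]

def demo():
    """Return (multiply-accumulate result, XNOR/popcount result)."""
    w, x = binarize(WEIGHTS), binarize(ACTIVATIONS)
    return reference_dot(w, x), xnor_dot(pack(w), pack(x), len(w))

if __name__ == "__main__":
    ref, fast = demo()
    print("multiply-accumulate:", ref, "xnor/popcount:", fast)
    print("float32 bytes:", float32_bytes(len(WEIGHTS)),
          "packed bytes:", packed_bytes(len(WEIGHTS)))
```

The byte counts cover only the binarized values themselves and are not an attempt to reproduce the 1/21 figure reported for the full model.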