An Intrusion Detection System for Imbalanced Dataset Based on Deep Learning

Anomaly based Network intrusion detection system(NIDS), which is the methodology used for detecting new attacks, has achieved promising performance with the adoption of deep learning(DL). However, these NIDSs still have shortcomings. Most of the datasets used for NIDS are highly imbalanced, where the number of samples that belong to normal traffic is much larger than the attack traffic. The problem of imbalanced class limits the deep learning classifier's performance for minority classes by misleading the classifier to be biased in favor of the majority class. To improve the detection rate for minority classes while ensuring efficiency, this study proposes a hybrid approach to handle the imbalance problem. This hybrid approach is a combination of Synthetic Minority Over-Sampling (SMOTE) and under-sampling to reduce noise using Tomek link. Additionally, this study uses two deep learning models such as Long Short-Term Memory Network (LSTM) and Convolutional Neural Network (CNN) to provide a better intrusion detection system. The advantage of our proposed model is tested in NSL-KDD and CICIDS2017 datasets. We use 10-fold cross validation in this work to train the learning models and an independent test set for evaluation. The experimental results show that in the multiclass classification with NSLKDD dataset, the proposed model reached an overall accuracy and Fscore of 99.57% and 98.98% respectively on LSTM, an overall accuracy and Fscore of 99.70% and 99.27% respectively for CNN. And with CICICD2017 an overall accuracy and Fscore of 99.82% and 98.65 % respectively on LSTM, an overall accuracy and Fscore of 99.85% and 98.98% respectively for CNN.