Intrusion detection method based on entity embedding and long short-term memory networks

doi:10.7523/j.issn.2095-6134.2020.04.016

Abstract

Abstract: Due to the inability to effectively deal with the representation of categorical variables in intrusion data, the network intrusion detection has low accuracy and high false negative rate. A method combining entity embedding and long short-term memory network (LSTM) is proposed. First, when the data is preprocessed, the numerical variable data and categorical variable data are separated, and the categorical variable data are mapped into an Euclidean space by using the entity embedding method to obtain a vector representation and then this vector is embedded into the numeric data to get the input data. Then, by inputting the data into the long short-term memory network, the parameters are updated by time back propagation. Thus the optimal embedded vector is obtained as the input feature, and a relatively optimal detection model of the LSTM network is also obtained through training. Experiments are carried out on the data set NSL-KDD, and the results show that entity embedding is an effective method to deal with categorical variables in network intrusion data. The model composed of LSTM network effectively improves the detection rate. In the processing of categorical variables, the accuracy of detection using entity embedding method increases by 1.44 percentage points and the false negative rate decreases by 2.99 percentage points, compared with those using the traditional One-Hot coding method.

Key words: entity embedding, LSTM, intrusion detection, categorical variables

CLC Number:

TP393.08

LAI Xunfei, LIANG Xuwen, XIE Zhuochen, LI Zongwang. Intrusion detection method based on entity embedding and long short-term memory networks[J]. , 2020, 37(4): 553-561.

References

[1] Yu D. Research on anomaly intrusion detection technology in wireless network[C]//2018 International Conference on Virtual Reality and Intelligent Systems. IEEE, 2018:540-543.
[2] Akoglu L, Tong H, Vreeken J, et al. Fast and reliable anomaly detection in categorical data[C]//Proceedings of the 21st ACM International Conference on Information and Knowledge Management. ACM, 2012:415-424.
[3] 和湘, 刘晟, 姜吉国. 基于机器学习的入侵检测方法对比研究[J]. 信息网络安全, 2018, 18(5):1-11.
[4] 魏书宁, 陈幸如, 唐勇, 等. AR-HELM算法在网络流量分类中的应用研究[J]. 信息网络安全, 2018, 18(1):9-14.
[5] Tang T A, Mhamdi L, McLernon D, et al. Deep recurrent neural network for intrusion detection in sdn-based networks[C]//20184th IEEE Conference on Network Softwarization and Workshops. IEEE, 2018:202-206.
[6] Yin C, Zhu Y, Fei J, et al. A deep learning approach for intrusion detection using recurrent neural networks[J]. IEEE Access, 2017, 5:21954-21961.
[7] Staudemeyer R C. Applying long short-term memory recurrent neural networks to intrusion detection[J].South African Computer Journal, 2015, 56(1):136-154.
[8] Tang T A, Mhamdi L, McLernon D, et al. Deep learning approach for network intrusion detection in software defined networking[C]//Wireless Networks and Mobile Communications, 2016 International Conference on. IEEE, 2016:258-263.
[9] Vinayakumar R, Soman K P, Poornachandran P. Applying convolutional neural network for network intrusion detection[C]//Advances in Computing, Communications and Informatics, 2017 International Conference on. IEEE, 2017:1222-1228.
[10] Potdar K, Pardawala T S, Pai C D. A comparative study of categorical variable encoding techniques for neural network classifiers[J]. International Journal of Computer Applications, 2017, 175(4):7-9.
[11] Guo C, Berkhahn F. Entity embeddings of categorical variables[J]. arXiv preprint arXiv:1604.06737, 2016.
[12] 於帮兵, 王华忠, 颜秉勇. 基于长短时记忆网络的工业控制系统入侵检测[J]. 信息与控制, 2018, 47(1):54-59.
[13] Dhanabal L, Shantharajah S P. A study on NSL-KDD dataset for intrusion detection system based on classification algorithms[J]. International Journal of Advanced Research in Computer and Communication Engineering, 2015, 4(6):446-452.
[14] Shijia E, Xiang Y. Entity search based on the representation learning model with different embedding strategies[J]. IEEE Access, 2017,5:15174-15183.
[15] Wu F, Song J, Yang Y, et al. Structured embedding via pairwise relations and long-range interactions in knowledge base[C]//AAAI. 2015:1663-1670.
[16] Yuan M, Wu Y, Lin L. Fault diagnosis and remaining useful life estimation of aero engine using LSTM neural network[C]//Aircraft Utility Systems, IEEE International Conference on. IEEE, 2016:135-140.
[17] De Brébisson A, Simon É, Auvolat A, et al. Artificial neural networks applied to taxi destination prediction[J]. arXiv preprint arXiv:1508.00021, 2015.
[18] Dai H, Dai B, Song L. Discriminative embeddings of latent variable models for structured data[C]//International Conference on Machine Learning, 2016:2702-2711.
[19] Amihai I, Chioua M, Gitzel R, et al. Modeling machine health using gated recurrent units with entity embeddings and K-means clustering[C]//2018 IEEE 16th International Conference on Industrial Informatics. IEEE, 2018:212-217.
[20] Vinayakumar R, Soman K P, Poornachandran P. Long short-term memory based operation log anomaly detection[C]//Advances in Computing, Communications and Informatics, 2017 International Conference on. IEEE, 2017:236-242.
[21] Duan L, Xiao Y. An Intrusion Detection model based on fuzzy C-means algorithm[C]//20188th International Conference on Electronics Information and Emergency Communication. IEEE, 2018:120-123.