CONVOLUTIONAL NEURAL NETWORK BASED NETWORK INTRUSION DETECTION SYSTEM FOR CYBER-ATTACKS

Abstract

Cyber–attacks account for one-third of all service downtime incidents in networks. These attacks are not only limited to shutting down the network services, but also introduce other malicious attacks such as data theft, Denial of Service (DoS), or even malware that can comprise the network. An effective cyber security plan can no longer rely solely on antiviruses and firewalls to counter these attacks; it must include a model of defense for detection. The purpose of Intrusion Detection System (IDS) is to monitor traffic (packets) going through the network and analyse them for any signs of intrusion to defend and protect the network from cyber-attacks that intend to compromise the network. In this research, modeling of Convolutional Neural Network based IDS is of great value to be able to identify and classify attacks. The Knowledge discovery in databases (KDD) Cup ’99 dataset containing approximately 4,900,000 single connection vectors was splitted into two; 75% of the total dataset was used during the learning process of the machine learning technique, while 25% was used on a fully trained model to validate and evaluate its performance. The model training performed on the KDD Cup ’99 dataset containing 41 features which include 21 types of attacks was classified into 4 different groups namely; DoS attack, U2R(User to Root), R2L(Remote to Local), Network Probe (Probing), or as a normal. The recorded performance of the model using Recall, Precision, and F1-measure was 98.7%, 98.4%, and 98.5% respectively, all on a scale of (0.00 - 1.00). The performance of the model indicated that it can detect and classify different classes of attacks with an accuracy of 98% with 20 epochs at a 0.001 learning rate using machine learning. The model loss for the training and validation was 7.48% and 7.98% respectively over 20 epochs which implies that the model has better performance on the training dataset that was used.