RUS  ENG
Full version
JOURNALS // Proceedings of the Institute for System Programming of the RAS // Archive

Proceedings of ISP RAS, 2023 Volume 35, Issue 4, Pages 65–92 (Mi tisp801)

Deep learning applications for intrusion detection in network traffic

A. I. Get'manabcd, M. N. Goryunove, A. G. Matskeviche, D. A. Rybolovleve, A. G. Nikolskayae

a Ivannikov Institute for System Programming of the RAS
b Lomonosov Moscow State University
c Moscow Institute of Physics and Technology
d National Research University Higher School of Economics
e Akademy of FGS of Russia

Abstract: The paper discusses the issues of applying deep learning methods for detecting computer attacks in network traffic. The results of the analysis of relevant studies and reviews of deep learning applications for intrusion detection are presented. The most used deep learning methods are discussed and compared. The classification system of deep learning methods for intrusion detection is proposed. Current trends and challenges of applying deep learning methods for detecting computer attacks in network traffic are identified. The CNN-BiLSTM neural network is synthesized to assess the applicability of deep learning methods for intrusion detection. The synthesized neural network is compared to the previously developed model based on the use of the Random Forest classifier. The usage of the deep learning method enabled to simplify the feature engineering stage, and evaluation metrics of Random Forest and CNN-BiLSTM models are close. This confirms the prospects for the application of deep learning methods for intrusion detection.

Keywords: information security, network intrusion detection system, intrusion detection, machine learning, deep learning, neural network, convolutional neural network, random forest, network traffic, computer attack

DOI: 10.15514/ISPRAS-2023-35(4)-3



© Steklov Math. Inst. of RAS, 2024