Introduction
The advancement of Internet technology has led to an increase in the number of internet connections. According to InternetWorldStats, worldwide internet user statistics have reached 4,574,150,134 connections. Netscout's 14th annual Worldwide Infrastructure Security Report states that attack rates are now at the terabit level. In recent years, enterprises have faced challenges such as DDoS attacks, ransomware and insider threats. These intrusions cause substantial economic loss to organizations by disrupting infrastructure and network availability, and also to the public sector, given the ongoing political instability around the world. Moreover, attackers increasingly target the essential elements of digital transformation, such as SaaS and cloud-based services. It is high time for enterprises and service providers alike to mitigate these attacks and safeguard the digital services that connect us to the world.
Network intrusion detection systems (NIDS) are one of the techniques used to mitigate these attacks. A NIDS is employed to identify malicious activities that threaten the availability, confidentiality and integrity of network resources. NIDS are of two kinds: signature-based detection systems and anomaly-based detection systems. A signature-based detection system easily identifies well-known attacks using known behaviour patterns. An anomaly-based detection system can identify unknown attacks, but such systems are prone to high false alarm rates. Most existing NIDS solutions are signature-based. These systems follow strict rules in detecting attacks, and they also suffer from high false alarm rates and high computing cost, which makes NIDS challenging to deploy in large practical applications.
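The trade-off just described, as an added example that is not part of the original article: a toy signature matcher beside a toy anomaly detector (a 3-sigma rule over a learned packet-rate baseline), both run over constructed flow records. The signature string, baseline rates and test flows are all constructed for illustration; the anomaly detector catches the unseen flood but also raises a false alarm on a legitimate burst, while the signature matcher catches only the known pattern.

```python
# Added example (not the paper's code): signature-based vs anomaly-based NIDS logic.
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Flow:
    src: str
    dst_port: int
    pkts_per_s: float
    payload: bytes


# Constructed benign flows used to learn the anomaly baseline (packet rate only).
BASELINE = [Flow("10.0.0.2", 443, r, b"") for r in (40, 55, 48, 62, 51, 45, 58, 50)]

# Constructed signature database: a hypothetical payload fragment of one known attack.
SIGNATURES = {"known-exploit-x": b"EXPLOIT_X"}


def signature_detect(flow):
    """Return the name of the matching signature, or None. Unseen attacks are missed."""
    for name, pattern in SIGNATURES.items():
        if pattern in flow.payload:
            return name
    return None


def anomaly_detect(flow, baseline=BASELINE, k=3.0):
    """Flag a flow whose packet rate is more than k std devs from the benign mean."""
    rates = [f.pkts_per_s for f in baseline]
    mu, sigma = mean(rates), pstdev(rates)
    return abs(flow.pkts_per_s - mu) > k * sigma


def classify(flows):
    """Return (src, signature_hit, anomaly_hit) per flow so both detectors can be compared."""
    return [(f.src, signature_detect(f) is not None, anomaly_detect(f)) for f in flows]


# Constructed test flows covering the four outcomes the introduction describes.
TEST_FLOWS = [
    Flow("10.0.0.3", 443, 52, b"GET / HTTP/1.1"),          # benign: neither fires
    Flow("10.0.0.4", 443, 50, b"POST /x EXPLOIT_X"),       # known attack at a normal rate: signature only
    Flow("10.0.0.5", 443, 900, b"GET / HTTP/1.1"),         # unknown flood: anomaly only
    Flow("10.0.0.6", 443, 300, b"PUT /backup chunk"),      # legitimate burst: anomaly false alarm
]

if __name__ == "__main__":
    for src, sig, anom in classify(TEST_FLOWS):
        print(f"{src}: signature={sig} anomaly={anom}")
```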
Some of the existing techniques in the literature detect these attacks using shallow machine learning techniques, namely SVM, artificial neural networks, k-nearest neighbour, decision trees and random forest. These techniques provide an improved accuracy rate in detecting these attacks, but they need domain expert knowledge, their computational cost is high, and they are prone to errors. Hodo et al. (2017) stated the drawbacks of each conventional technique, which are as follows. A Bayesian network classifies a dataset with many features very slowly. Support vector machines lack a straightforward selection of the kernel function; training is also very slow and requires more memory. The KNN technique is computationally complex, as testing a small sample requires all the training samples. Decision trees suffer from overfitting if the trees are not pruned back, and they also require the data type (categorical or numerical) to be considered before a tree is built. The K-means technique works only for numerical data, and the clustering results depend on the selection of cluster centres when the K values are initialised. Fuzzy logic involves high levels of generality in constructing a fuzzy system and also requires high consumption of resources.
To address the above shortcomings of conventional techniques, deep learning, a subset of machine learning, has in recent years received attention in the field of NIDS (LeCun et al., 2015). Deep learning has shown its superiority: its layer-wise feature learning capabilities perform better than conventional shallow learning techniques. Deep learning has also been successfully applied in a wide range of applications, such as speech recognition, face recognition, disease classification and prediction, and weather forecasting. These systems provide a more in-depth analysis of the network as well as faster detection of attacks. The performance of deep learning techniques is better than that of the existing shallow machine learning techniques.