Research Proposal

An Intrusion Detection System based on Deep Learning

Algorithm to detect DDoS Attacks

Submitted by:
Jahangir Shaikh
AUIC-21FL-MSCS-6248

Submitted to:
Dr. Yasir Awais Butt
(Assistant Professor)

Department of Computing and Engineering

Abasyn University Islamabad Campus

Page 1 of 17
 Table of Contents
Ser No Topic Page No

1. Table of Contents 2

2. List of Acronyms 3

3. Introduction 4

4. Literature Review 5

5. Gap Analysis 8

6. Problem statement 9

7. Objectives 9

8. Significance 10

9. Research Design & Methods 10

10. Performance Analysis 13

11. Plan and Thesis Requirement 14

12. References 15

Page 2 of 17
 List of Acronyms
AE: AutoEncoder
AI: Artificial Intelligence
ANN: Artificial Neural Network
AIDS: Anomaly Based Intrusion Detection System
BiLSTM: Bidirectional Long Short-Term Memory
CIA: Confidentiality Integrity Availability
CIC: Canadian Institute for Cybersecurity
CNN: Convolutional Neural Network
DBN: Deep Belief Network
DNN: Deep Neural Network
DIDS: Distributed Intrusion Detection System
DL: Deep Learning
DT: Decision Tree
DoS: Denial of Service
DDoS: Distributed Denial of Service
FN: False Negative
FP: False Positive
FS: Feature selection
HIDS: Host-based Intrusion Detection System
IDS: Intrusion Detection System
IPS: Intrusion Prevention System
KDD: Knowledge Discovery and Data mining
KNN: K-Nearest Neighbors
KMC: K-Means Classification
LSTM: Long Short-Term Memory
LDA: Linear Discriminant Analysis
MLP: MultiLayer Perceptron
ML: Machine Learning
NIDS: Intrusion Detection System
NB: Naïve Bayes
NSL-KDD: New Subset Labeled version of KDD'99 data set.
PCA: Principal Component Analysis
PCAP: Packet Capture
R2L: Remote To Local
ReLU: Rectifier Linear Unit
RNN: Reccurent Neural Network
RF: Random Forest
SDN: Software-Defined Networking
SIEM: Security Information and Event Management
SMOTE: Synthetic Minority Over-sampling Technique
TN: True Negative
TP: True Positive
U2R: User To Root

Page 3 of 17
1. Introduction
As the Internet continues to grow, network attacks are becoming more diverse and
common. According to the author [1] there will likely be more IP-connected devices by 2023,
which can generate a massive amount of IP traffic (up to 4.8ZB), posing major security
concerns. Furthermore, security threats such as zero day attacks targeting internet users have
increased. Denial-of-Service (DoS), Distributed denial of service (DDoS), probing, user-to-
root (U2R) and remote-to-local (R2L) are currently the most common types of attacks. DDoS
attacks are designed to bring down networks by preventing them from accessing the
resources they require to function. A DDoS attack occurs when a denial of service (DoS)
attack commences with a large number of source addresses. The volume of incoming
messages caused the target computer to shut down, preventing users from accessing it [2].
Recent DDoS attacks include those on the US Congress website, which was temporarily
disrupted on 12 July 2022, by a pro-Russian DDoS attack, and the Iranian Health Ministry
website, which went down on 17 July 2022, due to an Iranian cyberattack. Cisco predicts that
the total number of DDoS attacks will double from the 7.9 million seen in 2018 to something
over 15 million by 2023 [3].
Firewalls
and antivirus software are
insufficient to protect
networks from DDoS
attacks, while they
can be mitigated
by employing an intrusion detection system (IDS). An IDS is software or hardware that
detects malicious network activity that a regular firewall could miss [4] and protects the
system. It is a tool that safeguards the network from potential intrusions by monitoring
network traffic to ensure its confidentiality, integrity, and availability [23].
Artificial intelligence (AI) has enabled computers to learn from a dataset with
minimal human intervention. IDS has taken advantage of this capability. Machine learning
(ML) and deep learning (DL) are subfields of AI that were used in the construction of an
effective IDS [5]. Deep learning is one of the intriguing techniques that IDS have widely used
to improve their performance in protecting networks and hosts [6]. DL methods usually
involve three major steps: data preprocessing, training, and testing. Researchers are now
focusing on the use of deep learning methodologies in cybersecurity. The Recurrent Neural
Network (RNN), Auto Encoder (AN), Deep Neural Network (DNN), Convolutional Neural

Page 4 of 17
Network (CNN), and Long Short-Term Memory (LSTM) are some of the common
techniques applied to anomaly and malware detection.
Since the launch of the first IDS proposed by Jim Anderson in 1980 [23], it has
struggled with huge false positive rates and unpredictable attacks, which is a serious
challenge [6]. Researchers are continuously working on this challenge because the number of
false alarms imposes a significant burden on cybersecurity experts. IDS, as shown in Figure-1
must be constantly enhanced as networks evolve with the latest attacks including zero-day
attacks, and in lowering false alarm rates (FAR). Therefore, this study primarily aims to
increase the accuracy of an IDS. The goal of this proposal is to examine a dataset and
implement a deep learning approach to accurately predict DDoS attacks and provide more
precise detection results. Dimensionality reduction algorithms will be implemented for
feature selection and reducing dimensions. The CICIDS2017 [28] dataset will be used in this
research because it is newer, contains more sophisticated, prominent and realistic attacks.

Figure. 1 Intrusion Detection System

2. Literature Review
Many research studies on intrusion detection systems employing deep learning have
been published in recent years. This field of study has grown in prominence due to its ability
to learn and improve, making it incredibly effective and efficient in dealing with the alarming
growth in the number of unpredictable attacks. The use of deep learning techniques in the
design of IDS provides it with enhanced performance and accuracy. Denning [8] established
the first intrusion detection system, and studies have used numerous intrusion detection

Page 5 of 17
algorithms. Several researchers have concentrated their efforts on deep learning techniques in
order to develop effective IDS.
Fatima [9] proposed a deep learning solution for detecting attacks based on LSTM by
using the KDD99 dataset. The author uses PCA and MI dimensionality reduction and feature
selection techniques in both binary and multiclass classification. They noticed that
architectures based on PCA with two components had the best outcomes for both binary and
multiclass classification, with 99.44% and 99.39%, respectively, but they used an old dataset
with 2 features. DDoSNet, an intrusion detection system for DDoS attacks in SDN
environments, was proposed by Mahmoud et al. [10]. Their approach is fully based on the DL
methodology, which combines an RNN with an autoencoder. They examine the version that
uses the dataset CICDDoS2019, which contains a comprehensive set of DDoS attacks and
covers gaps in existing datasets. In comparison to previous benchmarking methodologies,
99% accuracy result obtained for specific algorithms are also a progress. Alazab et al. [11]
used the UNSW-NB15 dataset in a convolutional neural network architecture to undertake a
malicious network traffic classification experiment. They started by analysing the experiment
with a fully connected neural network (3 layers of 256, 1024, and 7 nodes) as a baseline for
comparison to CNN techniques. Despite the fact that the fully connected neural network got
the highest accuracy on the test data, the CNN performance accuracy was near as well,
despite having five to ten times fewer trainable parameters. Kim et al. [12] proposed an IDS
based on a RNN and Long Short-Term Memory (LSTM) architecture. They trained the model
using a KDD Cup 99 dataset (with 41 features) and trained the network with a time step size
of 100, batch size of 50, and epoch 500, achieving the greatest result of 98.93% accuracy on
test data. Naseer et al. [13] constructed an IDS using three different DNNs (CNN,
autoencoder, and RNN) on the NSL-KDD dataset. The same trial was conducted using three
traditional machine learning algorithms, i.e., decision tree, support vector machine, and k-
nearest neighbor. Their training performances were evaluated on two different test datasets,
NSLKDDTest+ and NSLKDDTest21, and the overall result showed that LSTM had the best
performance at 89% and DCNN was at 85%. The decision tree, support vector machine, and
k-nearest neighbor had a tie at 82%. Scientists who proposed the CICIDS2017 dataset [24]
with modern-day attacks have also applied KNN, RF, ID3, Adaboost, MLP, NB, and
Quadratic Discriminant Analysis (QDA) algorithms for evaluating their dataset.
Another example of such research was given by Datti and Verma [14]. They applied
Linear Discriminant Analysis algorithm. The primary goal of this study is to reduce the
dimensions of the traffic feature set using LDA. Ahmim et al. [15] proposed and tested a

Page 6 of 17
hierarchical model for intrusion detection on the CICIDS2017 dataset, where two classifiers
were trained, the first making a binary Attack or Benign prediction and the second a multi-
class classification between "Benign" and the types of attacks present in the dataset. Finally,
these outputs, along with all of the dataset attributes, were utilized to train a third classifier,
which similarly decided between "Benign" and an attack type. The authors investigated
numerous classifier combinations and found that using REP Tree, Jrip, and Forest PA as the
first, second, and third classifiers, respectively, yielded the best overall detection rate of
94.475%, accuracy of 96.665%, and false alarm rate of 1.145%. Zhang et al. [16] used a
hierarchical deep learning model, with a CNN extracting features from the first 160 bytes of
packets from packet captures, which were then fed into an LSTM. The performance of the
hybrid model was compared to that of a CNN or an LSTM alone. On the CICIDS2017
dataset, the hierarchical model had a higher F1 score of 99.88% than the others for binary
classification, however, for multi-class classification, the plain CNN had a higher F1 score of
99.94% versus 99.91% for the hybrid model. The models were also trained on the CTU
dataset, with the hierarchical model achieving the highest F1 score metric scores of 99.87%
for binary classification and 99.82% for multiclass classification, respectively. Abdulhammed
et al. [17] used two dimensionality reduction techniques, SAEs and Principal Component
Analysis (PCA), on the CICIDS2017 flow dataset, reducing the original 81 features to as few
as 59 and 10, respectively, with satisfactory results. Random Forests (RFs) generated the
greatest results for binary classification with an f-measure of 0.997 when applied to the
findings of PCA or SAE, despite the fact that PCA produced considerably fewer features for
those results (10 vs. 70). The best f-measure for multi-class classification, 99.7%, was
similarly attained by RFs applied to PCA results, however this time utilizing 30 PCA features.
Based on their findings, the study concludes that PCA outperforms SAE.

Yin et al. [18] suggest RNN-based IDS in the context of binary and multiclass
classification of the NSL-KDD dataset. The model was evaluated with a variety of hidden
nodes and learning rates. The results revealed that varied learning rates and the amount of
hidden nodes alter the model's accuracy. For binary and multi class cases, the best accuracy
was found with 80 hidden nodes and learning rates of 0.1 and 0.5. When compared to ML
methods and a reduced-size RNN model, the proposed model performed well. The key
weakness of this study is the increased computational processing, which results in a long
model training time and a reduced detection rate for the R2L and U2R classes. Author does
not compare performance of model with other DL methodologies. Xu et al. [19] proposed an
RNN based IDS with GRU as the main memory with multilayer perceptron and a softmax

Page 7 of 17
classifier. The methodology is evaluated using the KDD Cup'99 and NSL-KDD datasets.
When compared to other techniques, the experimental findings demonstrated good detection
rates. The main disadvantage of their model is that it has poorer detection rates for minority
attack classes like U2R and R2L. The DDoS attack detection method proposed in [20] use
deep learning to extract the most useful features from low-level features and achieves
reasonable results. DDoS attack detection is structured as a sequence classification. The deep
defense in this study is made up of RNN, CNN, and fully connected layers. To further
validate the findings of this RRN-based technique, it should be evaluated on datasets
containing a variety of DoS and DDoS attacks and compared with other shallowmodels. Jiang
et al. [21] used an LSTM RNN to detect a multi-channel attacks. It preprocesses data and
implements feature abstraction, training, and detection steps to improve detection rate. Data
preprocessing produces high-quality data, which can then be used to create a variety of
features. They trained neural networks with a variety of features and classified the attacks.
Kasongo et al. [22] proposed DLSTM, an IDS method that uses a deep LSTM-based
classifier and benefits from several LSTM layers coupled to a DFFL to detect intrusions.
They compared their approach against Nave Bayes, SVM, random forests, KNN, and deep
feed-forward neural networks using the NSL-KDD dataset. Nevertheless, as they specified,
additional evaluations on various datasets and attacks are required to validate the attained
results and improvements. A more recent review of the field was conducted by Ahmad et al.
[23]. This study demonstrates that the problem with data is persists. In reference [24], they
proposed a new dataset named as the CICIDS2017. Their IDS experiments were performed
over seven well-known machine learning classifiers, namely AdaBoost, Random Forest,
Naive Bayes, ID3, MLP, KNN, and QDA. They claim that the highest accuracy was achieved
by KNN, RF, and ID3 algorithms, but this work was lack of accuracy rate results. In the
relevant works, it is witnessed that too many studies make use of old datasets. A useful
dataset should include both old and new attacks, with a fair proportion of both. Otherwise,
there will be a performance gap between often occurring attack classes and less frequently
occurring attack classes.
3. Gap Analysis
IDS are prone to false positives and unpredictable attacks. A deep learning algorithm
used to evaluate the dataset to forecast future intrusions and get more realistic detection
results. The research on employing DL approaches for IDS is still in its early stages, and there
is still a lot to learn about using IDS to detect intrusions in the network. In this synopsis, a
deep learning approach based on LSTM to develop an IDS that detects DDoS attacks using

Page 8 of 17
an updated intrusion detection CICIDS2017 dataset. LSTM was chosen since Recurrent
Neural Networks (RNN) extends the capabilities of the traditional feed-forward neural
network and is designed to model the sequence data. Moreover, when the features are more
discriminative, the performance of an IDS improves dramatically. PCA is used as
dimensionality reduction.
4. Problem Statement
The number of devices and services has grown in parallel with the advancement of
technology. DDoS is the most common type of attack. The bulk of DDoS attacks are the
result of malicious software installed without the user's consent. There will never be a
completely foolproof system, but we can make it more difficult for attackers. Intrusion
detection has been an important defence against malicious network attacks. When working
with diverse labelled public datasets, scholars have encountered problems that have proven
challenging to solve using DL techniques.
Furthermore, High dimensional features in DL cause a lengthy classification
procedure. Data with an imbalanced class distribution has hampered the performance of most
well known classifiers. Therefore, in this study the efficacy of a deep learning approach to
construct an IDS based on Long Short-Term Memory (LSTM) using an updated and efficient
intrusion detection dataset CICIDS2017 to detect DDoS attacks, which is a crucial facet of a
cyber defence strategy and a fascinating area of research.

5. Objectives
The primary goal of this research is to create a deep learning based intrusion detection
system for detecting DDoS attacks. The proposed anomaly-based IDS is based on the LSTM
approach, with Principal Component Analysis (PCA) employed to reduce the curse of
dimensionality and boost computational efficiency. To analyse the model's efficiency, a
number of significant performance evaluation measures, such as accuracy, recall, precision,
FAR, F1score, and confusion matrix, are considered. The following are the specific sub-
objectives:
a. To detect attacks in the context of an intrusion detection system, with the aim
of obtaining high precision and a low false positive rate .
b. To monitor the network in order to detect DDoS attacks.
c. To develop and implement an IDS to detect DDoS attacks using deep learning
methods such as LSTM, and achieve effective dimensionality reduction of
features using PCA.

Page 9 of 17
 d. To evaluate the effectiveness of a deep learning strategy using the most recent
and realistic intrusion detection dataset, CICIDS2017.
6. Significance
In today’s cyber environment network intrusions have become quite frequent. IDS are
used to identify suspicious and harmful activity through network traffic. IDS based on deep
learning techniques have proven useful in detecting network attacks. Moreover, even for a
small network, the number of features collected from raw network data that an IDS must
check is usually large and majority of the retrieved data is useless and noisy, resulting in the
inclusion of irrelevant features that will degrade the classifier's performance. Therefore,
dimensionality reduction algorithms, such as PCA is crucial to select informative data.
7. Research Design & Methods
Deep learning algorithm used to evaluate the dataset to forecast future intrusions and
get more realistic detection results. In this synopsis, a deep learning approach based on
LSTM to develop an IDS that detects DDoS attacks using an updated intrusion detection
CICIDS2017 dataset is proposed. The methodology is consists of three major steps:
Preprocessing of dataset, training of model and testing of model, Figure 2 describes all the
necessary steps required to carry out the study.

7.1 Data Preprocessing

Correctly preparing the data can have a significant impact on the results in
deep learning. CICIDS2017 dataset files are in pcap format as well as a CSV file
including some of the traffic. It has a total of 79 features. This dataset is incomplete
since it contained many Nan and whitespace characters that need to be removed. The
redundant feature in the CICIDS2017 dataset is removed from every trafic sample.

Page 10 of 17
Furthermore, the 6 features that introduce unwanted bias are also removed to increase
the effectiveness of the intrusion detection system. Steps involved in Data
Preprocessing are as follows:
 Import Libraries
 Import Dataset
 Check any missing values
 Encoding Categorical Data
 Split the dataset into Training and Test
 Feature Scaling
7.2 Feature Selection
Feature selection is also referred to as feature reduction and is responsible for
selecting a set of features based on criteria. This process enables rapid model
construction and training based on specific features, which reduces training and
testing time and improves performance. In our study we use Principal Component
Analysis (PCA) dimensionality reduction techniques. Most commonly used methods
for dimensionality reduction finds a transformation that reduces the dimensionality of
the data while accounting for as much variance as possible. PCA is the oldest
technique in multivariate analysis. The fundamental concept of the PCA is the
projection-based mechanism. Here, the original dataset X € R n with n columns
(features) is projected into a subspace with k or lower dimensions representation X €
RK (fewer columns), while retaining the essence of the original data [17].

7.3 Proposed Model

Hochreiter suggested LSTM as an innovative gradient-based technique to
overcome the issues introduced in [25]. RNNs are ineffective at learning long-term
dependencies, according to previous studies. LSTMs, on the other hand, are designed
to address this issue and have shown the ability to learn long-term dependencies while
maintaining short-time lag capabilities. The Long Short-Term Memory model is
proposed in this study. As the name implies, this technique (Long Short-Term
Memory) is capable of remembering information for extended periods of time. RNN
design's hidden layers are straightforward, consisting of a single tanh layer, on the
other hand, LSTM architecture is more robust, with four hidden layers, as shown in
Figure 3. It proceeds by executing three important step operations known as "gates":
the forget gate, the input gate, and the output gate. The most significant aspect of

Page 11 of 17
LSTM is the cell state. To safeguard information added or deleted from the cell state,
gates with sigmoid functions are used (1 allows modification and 0 denies) [9].

 Input Gate : The input gate allows for the entry of optional information from
the current cell state. It determines which information is relevant to the current
input and allows it to enter.
 Output Gate: This gate is responsible for updating and completing the next
hidden state. Because the hidden state contains critical data regarding previous
cell inputs, it selects which information it should carry for producing the
output for the final time.
 Forget Gate: The forget gate is particularly clever in deleting unnecessary
information; it multiplies 0 to tokens that are not important or relevant and
allows them to be forgotten permanently.
Following the data preprocessing stage, the data is fed into the LSTM model.
The ratio of 20% for testing and validation and 80% for training is typical in machine
learning algorithms. The parameters used to build the LSTM model follow a standard
Page 12 of 17
 LSTM method. The input size represents the number of features in the CICIDS2017
dataset. The number of units/neurons in each of the model's four layers is the hidden
size [27]. As the dataset is massive and complex, increasing the number of layers
might be useful. As seen in [28], as the number of layers grows, LSTM performs
better, depending on the size of the dataset. Number of output feature reflects the
number of classes in the CICIDS2017 dataset.

7.4 Tools
The implementation of the approach will be in Python using the Numpy,
Pandas, Matpltlib and SKlearn libraries.
 NumPy is a Python library that provides a multidimensional array object, and
tools used to implement these arrays.
 Pandas is a Python library used for data manipulation and analysis. More
specifically, it provides the ability to manipulate numerical tables and time
series.
 Matplotlib is a Python library used for visualization. It is used to create static,
interactive, and animated visualizations.
 Scikit-learn or so-called sklearn is a python library that is built on NumPy,
SciPy and Matplotlib, and used for predictive data analysis.
8. Performance Analysis
The confusion matrix will be use for monitoring model performance. It gives a
formula for calculating true positives (properly recognized attacks), true negatives
(correctly identified benign traffic), false positives (benign traffic labelled as attack),
and false negatives (attacks labelled as benign traffic). Accuracy, recall, precision,
FAR, and F1score metrics can be calculated using these values. The equations are as
follows:

where TP is true positive, FP is false positive, TN is true negative, and FN is false

negative.

Page 13 of 17
  Accuracy: It is a metric that calculates the number of right predictions out of
all predictions generated by the model. Accuracy works best with a balanced
dataset and is biassed with an imbalanced dataset.
 Precision: It is a metric that calculates the number of correct optimistic
predictions divided by the total number of positive predicted values. A
significant number of False Positives is indicated by a poor precision value.
 Recall: This metric is calculated by dividing the True Positives by the sum of
True Positive and False Negative predictions. A low recall value suggests a
large number of False Negatives in this situation.
 F1 score: It is the harmonic mean of the recall and precision measurements. It
works best with an unevenly distributed dataset.
9. Plan and Thesis Requirement
Research work has been divided into five phases as per following details:-
a. Phase 1 - Problem Identification/ Do-ability Analysis
b. Phase-2 - Literature Review
c. Phase-3 - Data acquisition and Preprocessing
d. Phase-4 - Create and train model
e. Phase-5 - Predict and Evaluate

Research Plan 2022/23 Oct Nov Dec Jan Feb Mar Apr May
Selection of Base Paper
Problem Identification/
Do-ability Analysis
Literature Review
Reviewing the
techniques used in base
paper
Proposal writing
Thesis I Presentation
Implementation
Thesis writing
Thesis Defense

Page 14 of 17
10. References

1. Macas, M. and Wu, C., 2020, November. Deep Learning Methods for
Cybersecurity and Intrusion Detection Systems. In 2020 IEEE Latin-American
Conference on Communications (LATINCOM) (pp. 1-6). IEEE.
2. Rajakumaran, G., Venkataraman, N. and Mukkamala, R.R., 2020. Denial of
Service Attack Prediction Using Gradient Descent Algorithm. SN Computer
Science, 1(1), pp.1-8.
3. https://www.a10networks.com/blog/5-most-famous-ddos-attacks
4. Khraisat, A., Gondal, I., Vamplew, P. and Kamruzzaman, J., 2019. Survey of
intrusion detection systems: techniques, datasets and challenges. Cybersecurity,
2(1), pp.1-22.
5. Halbouni, A., Gunawan, T.S., Habaebi, M.H., Halbouni, M., Kartiwi, M. and
Ahmad, R., 2022. CNN-LSTM: Hybrid Deep Neural Network for Network
Intrusion Detection System. IEEE Access, 10, pp.99837-99849.
6. Lansky, J., Ali, S., Mohammadi, M., Majeed, M.K., Karim, S.H.T., Rashidi, S.,
Hosseinzadeh, M. and Rahmani, A.M., 2021. Deep learning-based intrusion
detection systems: a systematic review. IEEE Access, 9, pp.101574-101599.
7. Liu, H. and Lang, B., 2019. Machine learning and deep learning methods for
intrusion detection systems: A survey. applied sciences, 9(20), p.4396.
8. Denning, D.E., 1987. An intrusion-detection model. IEEE Transactions on
software engineering, (2), pp.222-232.
9. FatimaEzzahra, L., Samira, D., Khadija, D. and Badr, H., 2021. Intrusion detection
systems using long short-term memory (LSTM). Journal of Big Data, 8(1).
10. Elsayed, M.S., Le-Khac, N.A., Dev, S. and Jurcut, A.D., 2020, August. Ddosnet:
A deep-learning model for detecting network attacks. In 2020 IEEE 21st
International Symposium on" A World of Wireless, Mobile and Multimedia
Networks"(WoWMoM) (pp. 391-396). IEEE.
11. Millar, K., Cheng, A., Chew, H.G. and Lim, C.C., 2019. Using convolutional
neural networks for classifying malicious network traffic. In Deep Learning
Applications for Cyber Security (pp. 103-126). Springer, Cham.
12. Kim, J., Kim, J., Thu, H.L.T. and Kim, H., 2016, February. Long short term
memory recurrent neural network classifier for intrusion detection. In 2016
international conference on platform technology and service (PlatCon) (pp. 1-5).
IEEE.
13. Naseer, S., Saleem, Y., Khalid, S., Bashir, M.K., Han, J., Iqbal, M.M. and Han, K.,
2018. Enhanced network anomaly detection based on deep neural networks. IEEE
access, 6, pp.48231-48246.
14. Datti, R. and Verma, B., 2010. B.: Feature reduction for intrusion detection using
linear discriminant analysis. In International Journal on Engineering Science and
Technology.
15. Ahmim, A., Maglaras, L., Ferrag, M.A., Derdour, M. and Janicke, H., 2019, May.
A novel hierarchical intrusion detection system based on decision tree and rules-
based models. In 2019 15th International Conference on Distributed Computing in

Page 15 of 17
 Sensor Systems (DCOSS) (pp. 228-233). IEEE.
16. Zhang, Y., Chen, X., Jin, L., Wang, X. and Guo, D., 2019. Network intrusion
detection: Based on deep hierarchical network and original flow data. IEEE
Access, 7, pp.37004-37016.
17. Abdulhammed, R., Musafer, H., Alessa, A., Faezipour, M. and Abuzneid, A.,
2019. Features dimensionality reduction approaches for machine learning based
network intrusion detection. Electronics, 8(3), p.322.
18. Yin, C., Zhu, Y., Fei, J. and He, X., 2017. A deep learning approach for intrusion
detection using recurrent neural networks. Ieee Access, 5, pp.21954-21961.
19. Xu, C., Shen, J., Du, X. and Zhang, F., 2018. An intrusion detection system using
a deep neural network with gated recurrent units. IEEE Access, 6, pp.48697-
48707.
20. Yuan, X., Li, C. and Li, X., 2017, May. DeepDefense: identifying DDoS attack via
deep learning. In 2017 IEEE international conference on smart computing
(SMARTCOMP) (pp. 1-8). IEEE.
21. Jiang, F., Fu, Y., Gupta, B.B., Liang, Y., Rho, S., Lou, F., Meng, F. and Tian, Z.,
2018. Deep learning based multi-channel intelligent attack detection for data
security. IEEE transactions on Sustainable Computing, 5(2), pp.204-212.
22. Kasongo, S.M. and Sun, Y., 2020. A deep long short-term memory based classifier
for wireless intrusion detection system. ICT Express, 6(2), pp.98-103.
23. Ahmad, Z., Shahid Khan, A., Wai Shiang, C., Abdullah, J. and Ahmad, F., 2021.
Network intrusion detection system: A systematic study of machine learning and
deep learning approaches. Transactions on Emerging Telecommunications
Technologies, 32(1), p.e4150.
24. Sharafaldin, I., Lashkari, A.H. and Ghorbani, A.A., 2018. Toward generating a
new intrusion detection dataset and intrusion traffic characterization. ICISSp, 1,
pp.108-116.
25. Hochreiter S, Schmidhuber J. Long short-term memory. Neural Comput.
1997;9(8):1735–80.
26. Mujeeb, S., Javaid, N., Ilahi, M., Wadud, Z., Ishmanov, F. and Afzal, M.K., 2019.
Deep long short-term memory: A new price and load forecasting scheme for big
data in smart cities. Sustainability, 11(4), p.987.
27. Sak, H., Senior, A. and Beaufays, F., 2014. Long short-term memory based
recurrent neural network architectures for large vocabulary speech recognition.
arXiv preprint arXiv:1402.1128.
28. CICIDS2017 dataset. URL: https://www.unb.ca/cic/datasets/ids- 2017.html

Page 16 of 17
Recommendations of Evaluation Committee for Proposal:

Considered by ECP and forwarded to GSC

Report of Action Taken on the recommendations of the Graduate Study Committee:

Considered by GSC and forwarded to GSRMC

Page 17 of 17