Elevating cybersecurity using AI and deep learning for intrusion detection reinforcement
DONE BY:
DEEPIKA.S
Department of CSE,
GLOBAL INSTITUTION OF TECHNOLOGY AND ENGINEERING.
UNDER SUPERVISION OF:
MANJUNATHAN.M Assistant Professor,
Department of IT,
GLOBAL INSTITUTE OF TECHNOLOGY AND ENGINEERING
ABSTRACT
❖ The use of an Intrusion Detection System (IDS) is crucial in the field of cyber security as it allows for the
monitoring and identification of intrusion attacks.
❖ This paper aims to analyze recent advancements in IDS using the Deep Learning (DL) approach,
specifically focusing on the dataset, DL algorithms, and metrics used.
❖ Traditional methods such as firewalls, which primarily focus on data filtering, may not be sufficient in
identifying all types of attacks in a timely manner.
❖ In order to effectively handle and promptly identify these attacks, IDS systems based on Deep Learning
algorithms prove to be highly effective in efficiently processing large volumes of data to detect any
malicious activity.
❖ Deep learning-based IDS systems are capable of analyzing all network activities to identify any suspicious
behavior.
❖ The main focus of the system is to improve the detection rate of the IDS by minimizing false negatives
and false positives.
❖ Through the conducted experiments, it was observed that the DL model ANN achieved the lowest
accuracy value, whereas the CNN 1D classifier achieved the highest average accuracy rate.
INTRODUCTION:
❖ The development of fifth-generation (5G) mobile communication technology has resulted in a wider
range of access environments and the establishment of distributed networks.
❖ The increased diversity of access points has also expanded the potential vulnerabilities, making
network systems more susceptible to threats. In addition, cyber-attack techniques have become more
complex and frequent, highlighting the critical importance of cybersecurity.
❖ One of the key challenges in cybersecurity is identifying these threats, and recent research in the field
of network intrusion detection systems (NIDSs) has focused on integrating artificial intelligence (AI)
technology. This integration has led to significant advancements in performance, with initial efforts
concentrating on traditional machine learning models such as decision trees (DTs) and support vector
machines (SVMs).
❖ However, the current emphasis is on deep learning methodologies like convolutional neural networks
(CNNs), long short-term memory (LSTM), and autoencoders.
LITERATURE SURVEY
TITLE: Machine Learning and Deep Learning Methods for Intrusion Detection Systems: A Survey
AUTHOR: honguy lue and bea loan
ABSTRACT:
❖ Networks play important roles in modern life, and cyber security has become a vital research area.
An intrusion detection system (IDS) which is an important cyber security technique, monitors the
state of software and hardware running in the network.
❖ Machine learning methods can automatically discover the essential differences between normal data
and abnormal data with high accuracy. In addition, machine learning methods have strong
generalizability, so they are also able to detect unknown attacks.
❖ Deep learning is a branch of machine learning, whose performance is remarkable and has become a
research hotspot. This survey proposes a taxonomy of IDS that takes data objects as the main
dimension to classify and summarize machine learning-based and deep learning-based IDS literature.
❖ We believe that this type of taxonomy framework is fit for cyber security researchers. The survey
first clarifies the concept and taxonomy of IDSs. Then, the machine learning algorithms frequently
used in IDSs, metrics, and benchmark datasets are introduced.
❖ Next, combined with the representative literature, we take the proposed taxonomic system as a
baseline and explain how to solve key IDS issues with machine learning and deep learning
techniques.
TITLE: Evaluation of Machine Learning Algorithms for Intrusion Detection System
AUTHORS: Mohammad Almseidin, Maen Alzubi, Szilveszter Kovacs and
Mouhammd Alkasassbeh

❖ Intrusion detection system (IDS) is one of the implemented solutions against harmful attacks.
Furthermore, attackers always keep changing their tools and techniques.
❖ However, implementing an accepted IDS system is also a challenging task.
❖ In this paper, several experiments have been performed and evaluated to assess various machine
learning classifiers based on KDD intrusion dataset.
❖ Several performance metrics were computed in order to evaluate the selected classifiers. The
focus was on false negative and false positive performance metrics in order to enhance the detection
rate of the intrusion detection system.
❖ The implemented experiments demonstrated that the decision table classifier achieved the lowest
value of false negative while the random forest classifier has achieved the highest average accuracy
rate.
TITLE: Enhancing Network Intrusion Detection Model Using Machine Learning
Algorithms
AUTHORS: Youngsoo Kim; Jong-Geun Park
❖ After the digital revolution, large quantities of data have been generated with time through various
networks. The networks have made the process of data analysis very difficult by detecting attacks
using suitable techniques.
❖ While Intrusion Detection Systems (IDSs) secure resources against threats, they still face challenges
in improving detection accuracy, reducing false alarm rates, and detecting the unknown ones.
❖ This paper presents a framework to integrate data mining classification algorithms and association
rules to implement network intrusion detection.
❖ Several experiments have been performed and evaluated to assess various machine learning classifiers
based on the KDD99 intrusion dataset. Our study focuses on several data mining algorithms such as;
naïve Bayes, decision trees, support vector machines, decision tables, k-nearest neighbor algorithms,
and artificial neural networks.
❖ Moreover, this paper is concerned with the association process in creating attack rules to identify
those in the network audit data, by utilizing a KDD99 dataset anomaly detection. The focus is on false
negative and false positive performance metrics to enhance the detection rate of the intrusion
detection system. The implemented experiments compare the results of each algorithm and
demonstrate that the decision tree is the most powerful algorithm as it has the highest accuracy
(0.992) and the lowest false positive rate (0.009).
TITLE: Prediction of Denial of Service Attack using Machine Learning Algorithms
AUTHORS: Hyunjin Kim; Dowon Hong
ABSTRACT:
❖ The DDoS attack is one of the significant security threats in today’s Internet world. The main intention of
the network threat is to make the resource unavailable, such as flooding attacks.
❖ Here, Machine learning algorithms have been used for detecting DDoS attacks. Generally, the
success of any algorithm has depended on the selection of appropriate data sets and the identification
of attack parameters.
❖ The KDD-CUP dataset has been taken for a detailed investigation of the DDoS attack. The K-nearest
neighbor, ID3, Naive Bayes and C4.5 algorithms are compared in a single platform concluding with
the positives with Naive Bayes.
❖ The main objective of the paper is to compare and predict the error rate, computation time, Accuracy
of the algorithms using the Tanagra tool.
❖ Finally, these correlative algorithms have been compared and verified through experimental
verification and graphical representation.
TITLE: Prediction of DDoS Attacks using Machine Learning and Deep Learning Algorithms
AUTHOR: Cheolhee Park

ABSTRACT:
❖ With the emergence of network-based computing technologies like Cloud Computing, Fog
Computing and IoT (Internet of Things), the context of digitizing the confidential data over the
network is being adopted by various organizations where the security of that sensitive data is
considered as a major concern.
❖ Over a decade, there has been massive growth in the usage of the internet, along with technological
advancements, which demands the development of efficient security algorithms that can
withstand various patterns of security breaches.
❖ The DDoS attack is the most significant network-based attack in the domain of computer security
that disrupts the internet traffic of the target server.
❖ This study focuses mainly on identifying the advancements and research gaps in the development of
efficient security algorithms addressing DDoS attacks in various ubiquitous network environments.
EXISTING SYSTEM
The existing system uses different approaches to counter intrusions, such as the CAPTCHA puzzle,
which offers a simple approach to attack mitigation but has been shown by recent studies to be
ineffective. Other models are as follows:
❖ A digital signature for network flow investigation using meta-heuristic methods was created to
investigate abnormal traffic. It showed improved accuracy in DDoS detection, but the
model failed to detect normal DoS attacks.
❖ Another technique, called SeVen, is based on Adaptive Selective Verification and is used to counter
network-layer attacks. The technique relies on the notion of a state, but
application-layer attacks do not possess a notion of state. This mechanism automatically
fails against the HTTP Post Flooding attack because an enormous number of reflectors are used to send
payloads.
PROPOSED SYSTEM
❖ The proposed system pioneers a deep learning-based network intrusion detection framework,
amalgamating diverse machine learning models like ANN, CNN, and LSTM to enhance threat
identification.
❖ This system aims to aggregate the strengths of multiple algorithms, mitigating individual model
weaknesses.
❖ By leveraging Deep learning techniques, it seeks to bolster detection accuracy, adaptability to
evolving threats, and resilience against adversarial attacks.
❖ Emphasizing ensemble diversity and consensus decision-making, it aims to minimize false positives
and effectively handle intricate network behaviors.
❖ The goal is to create a robust, versatile, and collaborative system capable of preemptively identifying
and countering emerging cyber threats in complex network environments.
ARCHITECTURE FOR PROPOSED SYSTEM:
SOFTWARE SPECIFICATION
HARDWARE REQUIREMENTS

❖ PROCESSOR : Intel I5
❖ RAM : 4GB
❖ HARD DISK : 500 GB
SOFTWARE REQUIREMENTS

❖ PYTHON IDE : Anaconda, Jupyter Notebook


❖ PROGRAMMING LANGUAGE : Python
MODULE DESCRIPTION
DATA LOADING
❖ Data loading involves moving data from different sources to a specific destination for storage,
analysis, or additional processing.
❖ This step is crucial in managing data and analytics pipelines. Data loading includes copying and
transferring data from a source file, folder, or application to a database or similar platform.
❖ The process usually consists of copying digital data from a source and pasting or loading it into a data
storage or processing tool.
❖ Data loading is commonly utilized in database extraction and loading methods, where the data is
often transformed into a different format upon reaching the destination application.
DATA PREPROCESSING
❖ In order to ensure that all algorithms could effectively process the data, missing values were filled in.
However, certain algorithms like XGBoost could handle missing values without the need for
imputation.
❖ To simplify the comparison process, missing values were imputed according to their data type.
❖ Numerical missing entries were substituted with the median value of complete entries, while
categorical missing entries were replaced with the mode value of complete entries.
DATA CLEANING
❖ The data is subjected to cleaning in this module. Following the cleaning process, the data is organized
based on specific criteria, which is referred to as data clustering.
❖ Subsequently, an examination is conducted to determine if there are any missing values within the
dataset. If any missing values are identified, they are replaced with a default value.
❖ Furthermore, if any data requires a format change, it is carried out. This entire procedure, prior to
making predictions, is known as data pre-processing. Once completed, the data is utilized for
prediction and forecasting purposes.
DATA SPLITTING
❖ In every trial, the dataset was divided into a 70% training set and a 30% test set.
❖ The training set was utilized for resampling, hyperparameter tuning, and model training, whereas the
test set was employed to evaluate the model's performance.
❖ To maintain consistency in data splitting, a random seed (any random number) was specified during
the process.
❖ This ensured that the data split remained the same each time the program ran.
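The imputation and splitting steps described above, as an added example that is not code from the original project. The flow records, column names and seed value are constructed for illustration; the fill values are fitted on the training split only, which is a choice made here so that test data does not influence preprocessing.

```python
import random
from statistics import median, mode

NUMERIC = ("duration", "bytes")
CATEGORICAL = ("proto",)

# Constructed sample flow records (not from a real dataset); None = missing value.
ROWS = [
    {"id": 0, "duration": 0.2, "bytes": 120, "proto": "udp", "label": "attack"},
    {"id": 1, "duration": None, "bytes": 90, "proto": "udp", "label": "attack"},
    {"id": 2, "duration": 3.1, "bytes": 4200, "proto": "tcp", "label": "normal"},
    {"id": 3, "duration": 0.1, "bytes": None, "proto": "udp", "label": "attack"},
    {"id": 4, "duration": 2.4, "bytes": 3100, "proto": None, "label": "normal"},
    {"id": 5, "duration": 1.8, "bytes": 2500, "proto": "tcp", "label": "normal"},
    {"id": 6, "duration": 0.3, "bytes": 150, "proto": "udp", "label": "attack"},
    {"id": 7, "duration": 5.0, "bytes": None, "proto": "tcp", "label": "normal"},
    {"id": 8, "duration": None, "bytes": 800, "proto": "icmp", "label": "normal"},
    {"id": 9, "duration": 0.2, "bytes": 110, "proto": None, "label": "attack"},
]

def split_70_30(rows, seed=42):
    """Shuffle with a fixed seed, then cut at 70% so every run gives the same split."""
    shuffled = list(rows)
    random.Random(seed).shuffle(shuffled)
    cut = round(len(shuffled) * 0.7)
    return shuffled[:cut], shuffled[cut:]

def fit_imputer(train):
    """Median (numeric) and mode (categorical) of the complete training entries."""
    fill = {c: median(r[c] for r in train if r[c] is not None) for c in NUMERIC}
    fill.update({c: mode(r[c] for r in train if r[c] is not None) for c in CATEGORICAL})
    return fill

def impute(rows, fill):
    """Replace missing values with the fitted fill values; other fields are untouched."""
    return [{k: fill[k] if v is None else v for k, v in r.items()} for r in rows]

def prepare(rows, seed=42):
    train, test = split_70_30(rows, seed)
    fill = fit_imputer(train)          # statistics come from the training set only
    return impute(train, fill), impute(test, fill), fill

if __name__ == "__main__":
    train, test, fill = prepare(ROWS)
    print("fill values:", fill)
    print("test ids:", [r["id"] for r in test])
```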
DATA TRAINING
❖ Training data for data intrusion detection involves using historical data to educate machine learning or
statistical models on identifying patterns related to normal system behavior and potential intrusions.
❖ Algorithms gain knowledge from data, establishing connections, forming insights, making judgments,
and assessing their certainty based on the training data provided.
❖ The effectiveness of the model greatly depends on the quality and quantity of the training data,
playing a crucial role in the success of any data project alongside the algorithms utilized.
SYSTEM DESIGN
USECASE DIAGRAM
CLASS DIAGRAM
SEQUENCE DIAGRAM
ACTIVITY DIAGRAM
DATA FLOW DIAGRAM
ALGORITHMS
LONG SHORT TERM MEMORY
❖ LSTM, also known as Long Short-Term Memory, is a deep learning network specifically designed for
handling time series or sequential data.
❖ It is an advanced form of Recurrent Neural Network that excels at retaining information over long
periods, enabling it to capture long-term dependencies.
❖ While RNN can also retain information, they are limited to shorter time periods and struggle to
remember long-term dependencies.
❖ LSTM was developed to overcome this limitation in RNN. It consists of three gates: the forget gate,
which determines whether to retain or discard information from the previous time step; the input gate,
which learns relevant information from the input; and the output gate, which transfers updated
information to the next time step.
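The three gates described above, written out as a single-unit LSTM step. This is an added example, not code from the original project: the weights are set by hand rather than trained, and the input sequence (one burst followed by 20 quiet intervals) is constructed to show how the forget gate decides whether earlier information survives.

```python
import math

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))

def lstm_step(x, h_prev, c_prev, p):
    """One time step of a single-unit LSTM; p maps gate name -> (w_x, w_h, bias)."""
    def gate(name, activation):
        w_x, w_h, b = p[name]
        return activation(w_x * x + w_h * h_prev + b)
    f = gate("forget", sigmoid)       # keep or discard the previous cell state
    i = gate("input", sigmoid)        # how much new information to write
    g = gate("candidate", math.tanh)  # the new information taken from the input
    o = gate("output", sigmoid)       # how much state to pass to the next step
    c = f * c_prev + i * g
    h = o * math.tanh(c)
    return h, c

def final_cell_state(seq, p):
    """Run the cell over a sequence from a zero state and return the last cell state."""
    h = c = 0.0
    for x in seq:
        h, c = lstm_step(x, h, c, p)
    return c

# Constructed input: one burst (1.0) followed by 20 quiet intervals (0.0).
SEQ = [1.0] + [0.0] * 20

# Hand-set weights (assumed for illustration, not trained).
BASE = {"input": (10.0, 0.0, -5.0), "candidate": (2.0, 0.0, 0.0), "output": (0.0, 0.0, 2.0)}
REMEMBER = dict(BASE, forget=(0.0, 0.0, 6.0))  # forget gate ~0.998: state is kept
LEAKY = dict(BASE, forget=(0.0, 0.0, 0.0))     # forget gate 0.5: state halves each step

if __name__ == "__main__":
    print("remember:", final_cell_state(SEQ, REMEMBER))
    print("leaky:   ", final_cell_state(SEQ, LEAKY))
```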
ARTIFICIAL NEURAL NETWORK (ANN)
❖ An artificial neural network (ANN) is a computational model inspired by the functioning of nerve
cells in the human brain. ANNs employ learning algorithms that autonomously adjust their behavior
as they receive new input, making them effective for non-linear statistical data modeling. Deep
learning ANNs are crucial in machine learning (ML) and support broader artificial intelligence (AI)
technologies.
❖ An artificial neural network typically comprises three or more interconnected layers. The initial layer
contains input neurons, which transmit data to deeper layers, culminating in the final output layer. The
intermediate layers, termed hidden layers, process information adaptively through transformations.
❖ Each layer acts as both input and output, enabling the ANN to comprehend complex objects. Units
within the hidden layers learn by weighting information based on internal guidelines, producing
transformed outputs for subsequent layers. Backpropagation, a learning process, enables the ANN to
adjust its outputs by considering errors. During supervised training, errors are propagated backward,
and weights are updated accordingly to minimize discrepancies between desired and actual outcomes.
❖ Training ANNs involves selecting appropriate models and associated algorithms. One of the main
advantages of ANNs is their ability to learn from data observations, serving as effective tools for
function approximation and cost-effective solution estimation. ANNs analyze data samples rather than
entire sets, saving time and resources. They find applications in various domains, including predictive
analytics, spam detection, natural language processing, and more.
MODEL ACCURACY
CONCLUSION
❖ This paper observed that, as the number of devices used to access the internet increases day by day,
the danger of intrusion also increases at an alarming rate.
❖ Most of the current systems, such as IPS and IDS, which are used to detect and prevent
intrusions, are not able to detect and prevent attacks that have new signatures or attacks which haven’t
been identified.
❖ Therefore, machine learning and pattern recognition are used to enable
systems like IDS or IPS to analyze new forms of intrusion and prevent them without
intervention by a user.
❖ Algorithms such as ANN and LSTM help to classify and cluster the packets inbound to the
network.
❖ This paper focuses in depth on identifying intrusions based on UDP Flooding; classifying
other types of intrusion such as TCP Flood, ICMP Flood, Smurf attack and HTTP Flood can
be researched later as future work.
