doiSerbia

RESNETCNN: An abnormal network traffic flows detection model

Li Yimin (College of Information Engineering, Shanghai Maritime University, Shanghai, China), 202130310117@stu.shmtu.edu.cn
Han Dezhi (College of Information Engineering, Shanghai Maritime University, Shanghai, China), dzhan@shmtu.edu.cn
Cui Mingming (College of Information Engineering, Shanghai Maritime University, Shanghai, China), mmcui @stu.shmtu.edu.cn
Yuan Fan (Hangzhou Anheng Information Technology Co., LTD, Hangzhou, China), frank.fan@dbappsecurity.com.cn
Zhou Yachao (Hangzhou Anheng Information Technology Co., LTD, Hangzhou, China), anna.zhou@dbappsecurity.com.cn

Intrusion detection is an important means to protect system security by detecting intrusions or intrusion attempts on the system through operational behaviors, security logs, and data audit. However, existing intrusion detection systems suffer from incomplete data feature extraction and low classification accuracy, which affects the intrusion detection effect. To this end, this paper proposes an intrusion detection model that fuses residual network (RESNET) and parallel crossconvolutional neural network, called RESNETCCN. RESNETCNN can efficiently learn various data stream features through the fusion of deep learning and convolutional neural network (CNN), which improves the detection accuracy of abnormal data streams in unbalanced data streams, moreover, the oversampling method into the data preprocessing, to extract multiple types of unbalanced data stream features at the same time, effectively solving the problems of incomplete data feature extraction and low classification accuracy of unbalanced data streams. Finally, three improved versions of RESNETCNN networks are designed to meet the requirements of different traffic data processing, and the highest detection accuracy reaches 99.98% on the CICIDS 2017 dataset and 99.90% on the ISCXIDS 2012 dataset.

Keywords: Intrusion detection, RESNETCNN, Deep learning