Research Area:  Machine Learning
In recent years, with the increase of human activities in cyberspace, intrusion events, such as network penetration, detection and attack, tend to be frequent and hidden. The traditional intrusion detection methods which prefer rules are not enough to deal with the increasingly complex network intrusion flow. However, the generalization ability of intrusion detection system based on classical machine learning method is still insufficient, and the false alarm rate is high. Aiming at this problem, we consider that normal network traffic and intrusion network traffic are obviously different in several semantic dimensions, though the intrusion traffic is more and more covert. Then we propose a new intrusion detection method, named SRDLM, based on semantic re-encoding and deep learning. The SRDLM method re-encodes the semantics of network traffic, increases the distinguish ability of traffic, and enhances the generalization ability of the algorithm by using deep learning technology, thus effectively improving the accuracy and robustness of the algorithm. The accuracy of the SRDLC algorithm for Web character injection network attack detection is over 99%. When detecting the NSL-KDD data set, the average performance is improved by more than 8% compared with the traditional machine learning method.
Author(s) Name:  Zhendong Wu, Jingjing Wang, Liqin Hu, Zhang Zhang, Han Wu
Journal name:  Journal of Network and Computer Applications
Publisher name:  Elsevier
Volume Information:  Volume 164, 15 August 2020, 102688
Paper Link:   https://www.sciencedirect.com/science/article/abs/pii/S1084804520301624